Your main branch isn't protected

[OverLordGoldDragon]

After running a bunch of commands trying to create and delete tags and branches, I see the following

What is it, and how should I handle it? My other repositories don’t have it.

[jsoref]

This appears to be a nudge that GitHub is incrementally deploying.

The best practice is to add protection.

https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/defining-the-mergeability-of-pull-requests/about-protected-branches

[GLD5000]

Ditto- it is just a reminder to set some rules on your main branch - nothing to worry about!

You can just set the rule to disallow direct pushing to main, for example, and it will go away.

Hope that helps,

G

[OverLordGoldDragon]

Thanks. So what is the trigger? I did just notice that some of my other repositories have it, but can’t tell what sets them apart.

[jsoref]

I doubt anyone from GitHub will answer. Large entities do A-B testing, canary releases, incremental releases, etc.

  <a href="https://harness.io/blog/continuous-verification/blue-green-canary-deployment-strategies/" target="_blank" rel="noopener" title="05:00PM - 15 January 2021">Harness.io – 15 Jan 21</a>

Intro to Deployment Strategies: Blue-Green, Canary, and More | Harness

In our Blue-Green vs Canary deployment strategies blog, we go over basic, rolling, blue-green, & canary to help you make the right choice.

It’s possible they randomly selected one repository per user for some fraction of their user base. There’s no reason to do it for all your repositories, that’d presumably annoy you more, which isn’t what they need when they’re gathering data.

Anyway, it is a best practice, so you could just take the hint and apply it everywhere (you don’t have to, I haven’t, although I probably will for the base repositories that I care about).

[OverLordGoldDragon]

Well if everyone’s being pinged to ‘fix’ something, at the least a brief explanation is due so we don’t think we broke something. I hope they add some info or reply here.

[ryanwags]

I thought this feature was only available for paid tiers or public repos. That’s what their pricing page still says. I couldn’t find any announcement about Branch Protections being made available to everyone, did I miss something?

[jsoref]

If you want a direct response, open a ticket via:

  <a href="https://support.github.com/" target="_blank" rel="noopener">support.github.com</a>

GitHub Support

GitHub Support is here to help. Learn about GitHub products, browse our helpful resources, and contact support with your questions.

Don’t expect an instant response (it could take 2 weeks, especially if they happen to take a company-wide vacation for a week, but that happened recently, so I don’t expect it to happen again anytime soon.)

[jsoref]

I don’t think anyone has said they’re an unpaid-subscription w/ a private repo.

[ryanwags]

Sorry, I know OP didn’t say they were unpaid/private. I came here looking for info about the same topic and this was the only post I found on the matter.

[realmazharhussain]

This appeared on one of my repos when I pushed some commits to main branch and then did a git reset on local repo and then force pushed again.

It seems like this message appears when we force push something to the main branch.

[ryanckulp]

perhaps just tangentially related but we have a free Github plugin that adds more granular controls to protected branches, merges, and code freezes.

this also lets you add a “note” whenever a branch gets frozen, so other team members have context.

100% free for open source:

  <a href="https://github.com/marketplace/merge-freeze" target="_blank" rel="noopener nofollow ugc">GitHub</a>

Merge Freeze - GitHub Marketplace

The code freeze tool to block merging and deployments

Ryan

[OverLordGoldDragon]

GitHub Support:

Please do not be alarmed, you have not broken anything on your repository. We introduced a prompt for repository owners and admins to protect their default branches ... the prompt [is] displayed to any admins with more than one branch in a repository.

I've confirmed this, creating branch creates banner, deleting branch deletes banner.

[fransf-wtax]

I think you’ve hit the nail on the head: this is obviously a way GitHub has come up with to scare people who need to keep their repositories private into upgrading to a paid tier.

[Alleged627]

Same thing is happening to me

[brandonrosage]

👋🏼 Thanks for the feedback, y'all. I'm Brandon Rosage, a product manager at GitHub, and I'm leading an initiative that introduced these messages about branch protection rules.

The intent of introducing the message was to make the feature -- the ability to create rules that protect your branches -- more discoverable and accessible to all users. This intent was derived from feedback that users who use "protected branches" gave us regarding how highly they value it, despite having to work hard to learn about and/or stumble upon it in the first place.

So we developed an initiative that introduces an experiment in which admins for any repo that has more than one branch and no existing branch protection rules is told that their default branch isn't protected, with a button to add a rule.

In doing so, we also introduced access to creating branch protection rules on any repo. Before, it was inaccessible to private repos owned by accounts using GitHub Free. With the introduction of the experiment, however, those repos are limited only in the enforcement of the rules they create.

We make an earnest attempt to communicate all of this as users encounter the messaging. But the feedback y'all have provided here is gold. So we'll be iterating this month to ensure the most effective treatment is used, and that we don't stoke any fear that something is broken.

Rest assured, our intent is not to scare anyone (neither that anything is broken or that we prefer repos use a certain visibility setting). It's simply to communicate the value of a feature that users have told us they value, but had a hard time discovering.

I'm happy to address any other concerns or questions here 👍🏼

[jsoref]

It shouldn't. Obviously you'll want to read the text and think through what each toggle means. If you run into problems, you can ask for support here (or via support).

If you're the only contributor to a repository, then requiring approvals will probably not work well because you can't approve your own PR.

[Alleged627]

Crap what do I do there was someone helping in the beginning I just didn’t know if it was good guys or bad guys at the time because I got hacked and so I started thinking everyone was trying to get me so I apologize if I messed stuff up

[ardunster]

I haven't used github for personal projects in a few months, and now all of my personal repos have this alert. it's super annoying. I don't need branch protection from myself, and I know it exists and how to use it when I want to. Can I disable this alert?

[mrleblanc101]

Would it be possible to remove the warning if there is no other contributors ?
I don't need to protect branches on project I'm alone.

[frauikram]

@brandonrosage Thank you for the explanation, however, instead of

your <main> branch isn't protected,

a text like:

No additional protection rules are configured for this branch

would have been helpful, in my honest opinion.