Default Branch Write Access

This public content is an excerpt from Flutter staff GitHub docs. It is published as a reference to show how GitHub is used for inner source at Flutter.

The default branch of a repository (main or master) is typically more important than other temporary branches. It usually contains the code that will be used in production. Write access to the default branch should be protected to reduce the risk of mistakes or subversive contribution.

Risk Severity

The risk severity of direct write access to a repository is determined by the number of users that can perform this action.

Number of Admins Severity Why
<200 None There are many workflow setups where direct write to the default branch for a group of editors is normal.
200+ High Over 200 contributors with direct write access to the default branch is usually a setup mistake and is typically high risk.

This risk is reported for your repository or capability in the service catalogue.

Default Branch Protection

GitHub branch protection rules (GitHub docs) can restrict the default branch to mitigate this risk. How you use them will depend on your workflow and branching strategy.

If you use a capability codebases.json to manage your repository then you can use that to configure your desired branch protection for the repositories within that capability.

Repo Admin
Overview