█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Software Engineering/Git and GitHub Pro/Advanced GitHub: Branch Protection and CODEOWNERS
45 minIntermediate

Advanced GitHub: Branch Protection and CODEOWNERS

After this lesson, you will be able to: Configure protected branches, required reviews, status checks, CODEOWNERS, and GitHub Projects so your repo enforces the workflows you actually want.

GitHub's defaults are designed for a single-developer hobby project. Turning a repo into a team-grade artifact takes 30 minutes of configuration and saves hundreds of hours over the project's life.

Prerequisites:Rebasing vs Merging

Branch protection (the must-have)

Settings > Branches > Add rule for `main` (and any other release branch). Enable: Require pull request before merging. Require approvals (1 or 2). Require status checks to pass (your CI). Require branches to be up to date before merging. Require linear history (if you use squash or rebase merge). Restrict who can push (no one, force-push goes through PRs only). These rules are enforced server-side, so even an admin's mistake can't ship broken code straight to main.

CODEOWNERS: auto-request review from the right team

Place this in `.github/CODEOWNERS`. GitHub auto-requests review from owners when their files change.

tsx
# Catch-all: any change requests review from @platform-team
* @your-org/platform-team
# Frontend-specific
src/app/ @your-org/frontend-team
*.tsx @your-org/frontend-team
# Database migrations require an extra reviewer
prisma/migrations/ @your-org/db-leads
# Specific files always require security review
.github/workflows/ @your-org/security-team
src/lib/auth/ @your-org/security-team
# A specific person owns this critical file
src/lib/billing.ts @alice
# Order matters: later patterns override earlier.
# CODEOWNERS becomes 'required reviewer' if you enable the branch-protection toggle.

Status checks: the gate that runs your tests

A status check is a GitHub Action (or other CI) that reports pass/fail per commit. Branch protection can require specific checks to pass before merge. Typical required checks: lint, unit tests, type check, build success. Optional checks (nice to have but not blocking): performance budgets, bundle size, visual regression. Required checks should run fast (under 5 min total); optional checks can be slow.

GitHub Projects for issue tracking

GitHub Projects (the new 'Projects v2') is a Notion-like board built on top of Issues and PRs. Free for unlimited contributors on public repos; included for orgs on paid plans. Common views: Kanban board (Todo / In Progress / Review / Done), Table view (filter by milestone), Roadmap (timeline). Custom fields: priority, estimate, sprint, owner. Each Issue + PR auto-syncs status from its state. For most small/medium teams, this replaces Jira-equivalent tooling.

Hands-on: harden a repo in 30 minutes

Pick any repo you own. Apply this exact sequence.

  1. 1

    Settings > Branches > Add rule for main. Require PR + 1 approval + status checks + linear history. Save.

  2. 2

    Add .github/CODEOWNERS (use the example above, simplified for your team).

  3. 3

    Add .github/PULL_REQUEST_TEMPLATE.md (from se-fund-05 lesson).

  4. 4

    Add .github/ISSUE_TEMPLATE/bug_report.md and feature_request.md (GitHub gives you starter templates from the Issues settings).

  5. 5

    Create a Project: Projects > New project > pick the Kanban template. Add fields: Priority (Low/Med/High), Estimate (XS/S/M/L), Sprint (2-week tags).

  6. 6

    Wire the repo's Issues into the project automatically: Project settings > Manage access > Repositories > add.

  7. 7

    Verify: open a PR from a fresh branch; the template fills in, the CODEOWNERS reviewers are requested, the status checks gate the merge.

Common mistakes only experienced engineers avoid

Branch protection that allows admins to bypass. Disable that toggle; if a senior engineer needs to bypass, they should know they're doing it (use --no-verify locally, not server admin override). CODEOWNERS without follow-through. If the owners can't review fast, PRs stall. Set up alerting for stale reviews. Status checks that nobody trusts because they flake. Fix flakes immediately; flaky tests teach the team to ignore CI. Project boards that fall out of date. Make it a habit to drag cards live during standup so the board reflects reality.

Quick Check

Which branch protection rule prevents 'one person pushed broken code to main at 2am'?

Pick the strongest single rule.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←Advanced Git: cherry-pick, reflog, bisect, submodules
Back to Git and GitHub Pro
GitHub Actions in Depth→