Protect main Branch, with Automated QA

This is a how-to guide with everything you need to "protect" your
main branch, which is involved in the release-me Phase 2 Git Ops Process.

Prerequisites

  • a GitHub repository
  • an account with permission to access the Repository Settings

Guide

  1. Navigate to your Repository Settings on github.com

    Github Repo Navigation

  2. Click Branches under Code and Automation

    Code and Automation -> Branches

  3. Ensure there is a rule that matches the main branch name pattern

  4. Allow code merges in main only via PR

  5. Allow merges in main only if the latest commit (of the head branch) passed QA on CI

    1. Require (CI) Status Check on most recent commit

    2. Wire up your CI checks into a single QA job, to model acceptance with one logical QA signal

      Tip

      Typical CI jobs: unit tests, integration tests, automated QA, static code analysis, e2e, functional tests

      Add the single status job to your CI/CD workflow. See the examples below:

          # Example 1 (B -> T -> D): qa_signal reports the result of test
          name: 'CI/CD 3-Phases Pipeline'
          on:
            push:
              branches:
                - main
          jobs:
            build:
              runs-on: ubuntu-latest
              steps:
                - run: echo "Build Finished :)"
      
            test:
              needs: build
              runs-on: ubuntu-latest
              # Unit Testing
              # Functional Testing
              steps:
                - run: echo "Test Finished :)"
      
            deploy:
              needs: test
              runs-on: ubuntu-latest
              steps:
                - run: echo "Deploy Finished :)"
      
            ### Git Ops: Check PR Acceptance ###
            qa_signal:
              needs: test
              uses: boromir674/automated-workflows/.github/workflows/go-single-status.yml@ffac270355ffe73cb8ab2bd2477ce6b20efca912  # v1.7.0
              with:
                needs_json: '${{ toJson(needs) }}'
      
          # Example 2 (B -> test and integration_tests in parallel -> D): qa_signal reports both test jobs
          name: 'CI/CD Pipeline'
          on:
            push:
              branches:
                - main
          jobs:
            build:
              runs-on: ubuntu-latest
              steps:
                - run: echo "Build Finished :)"
      
            test:
              needs: build
              runs-on: ubuntu-latest
              # Unit Testing
              # Functional Testing
              steps:
                - run: echo "Test Finished :)"
      
            integration_tests:
              needs: build
              runs-on: ubuntu-latest
              steps:
                - run: echo "Test Integration Finished :)"
      
            deploy:
              needs: [test, integration_tests]
              runs-on: ubuntu-latest
              steps:
                - run: echo "Deploy Finished :)"
      
            ### Git Ops: Check PR Acceptance ###
            qa_signal:
              needs: [test, integration_tests]
              uses: boromir674/automated-workflows/.github/workflows/go-single-status.yml@ffac270355ffe73cb8ab2bd2477ce6b20efca912  # v1.7.0
              with:
                needs_json: '${{ toJson(needs) }}'
      
          # Example 3: same graph as the previous example, with test run as a matrix job
          name: 'CI/CD Pipeline'
          on:
            push:
              branches:
                - main
          jobs:
            build:
              runs-on: ubuntu-latest
              steps:
                - run: echo "Build Finished :)"
      
            test:
              needs: build
              runs-on: ubuntu-latest
              strategy:
                matrix:
                  # a matrix maps a variable name to its values; 'pyenv' is an illustrative name
                  pyenv: ['py311', 'py312']
              steps:
                - run: echo "Test ${{ matrix.pyenv }} Finished :)"
      
            integration_tests:
              needs: build
              runs-on: ubuntu-latest
              steps:
                - run: echo "Test Integration Finished :)"
      
            deploy:
              needs: [test, integration_tests]
              runs-on: ubuntu-latest
              steps:
                - run: echo "Deploy Finished :)"
      
            ### Git Ops: Check PR Acceptance ###
            qa_signal:
              needs: [test, integration_tests]
              uses: boromir674/automated-workflows/.github/workflows/go-single-status.yml@ffac270355ffe73cb8ab2bd2477ce6b20efca912  # v1.7.0
              with:
                needs_json: '${{ toJson(needs) }}'
      
          # Example 4 (T -> B -> T -> D): qa_signal reports test_1 and test_2
          name: 'CI/CD Pipeline'
          on:
            push:
              branches:
                - main
          jobs:
            test_1:
              runs-on: ubuntu-latest
              steps:
                - run: echo "Test 1 Finished :)"
      
            build:
              needs: test_1
              runs-on: ubuntu-latest
              steps:
                - run: echo "Build Finished :)"
      
            test_2:
              needs: build
              runs-on: ubuntu-latest
              strategy:
                matrix:
                  # a matrix maps a variable name to its values; 'pyenv' is an illustrative name
                  pyenv: ['py311', 'py312']
              steps:
                - run: echo "Test ${{ matrix.pyenv }} Finished :)"
      
            deploy:
              needs: test_2
              runs-on: ubuntu-latest
              steps:
                - run: echo "Deploy Finished :)"
      
            ### Git Ops: Check PR Acceptance ###
            qa_signal:
              needs: [test_1, test_2]
              uses: boromir674/automated-workflows/.github/workflows/go-single-status.yml@ffac270355ffe73cb8ab2bd2477ce6b20efca912  # v1.7.0
              with:
                needs_json: '${{ toJson(needs) }}'
      

      In the examples above, the shorthands B, T, D correspond to the typical Build, Test, Deploy CI/CD jobs

      Tip

      This shrinks the interface surface between Git Ops acceptance and your CI/CD pipeline

    3. Include the single QA job from the previous step ("Wire-up your CI Checks into Single QA Job") in the Required Status Checks

Congratulations!

You should now have protected your main branch according to Git Ops!
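
The single QA signal from step 5.2, sketched as an added Python example (not code from this guide or from the go-single-status.yml workflow, whose internals the page does not show): it collapses a '${{ toJson(needs) }}' payload into one accept/reject decision and fails closed on failed, cancelled, skipped or missing results. The function name, the allow_skipped parameter and the sample payloads are assumptions made for illustration.

```python
import json

# Job results GitHub Actions exposes as needs.<job_id>.result
KNOWN_RESULTS = {"success", "failure", "cancelled", "skipped"}


def qa_signal(needs_json, allow_skipped=()):
    """Collapse a toJson(needs) payload into (accepted, reasons).

    Fails closed: only an explicit "success" counts, except for jobs the
    caller names in allow_skipped (hypothetical parameter of this sketch).
    """
    try:
        needs = json.loads(needs_json)
    except (TypeError, ValueError):
        return False, ["needs_json is not valid JSON"]
    if not isinstance(needs, dict) or not needs:
        return False, ["no upstream jobs reported, nothing was verified"]
    reasons = []
    for job, info in sorted(needs.items()):
        result = info.get("result") if isinstance(info, dict) else None
        if result == "success":
            continue
        if result == "skipped" and job in allow_skipped:
            continue
        if result in KNOWN_RESULTS:
            reasons.append(f"{job}: {result}")
        else:
            reasons.append(f"{job}: unrecognised result {result!r}")
    return not reasons, reasons


# Constructed payloads, shaped like '${{ toJson(needs) }}' for the page's workflows.
ALL_GREEN = json.dumps({
    "test": {"result": "success", "outputs": {}},
    "integration_tests": {"result": "success", "outputs": {}},
})
# test_1 failed, so build and test_2 never ran and test_2 is reported as skipped.
UPSTREAM_FAILED = json.dumps({
    "test_1": {"result": "failure", "outputs": {}},
    "test_2": {"result": "skipped", "outputs": {}},
})

if __name__ == "__main__":
    for name, payload in [("all green", ALL_GREEN), ("upstream failed", UPSTREAM_FAILED)]:
        accepted, reasons = qa_signal(payload)
        print(name, "ACCEPT" if accepted else "REJECT", reasons)
```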