uranch protection quickref
Quick guide for developers working with protected branches.
🚫 What You Can’t Do
Section titled “🚫 What You Can’t Do”- Push directly to
mainbranch - Force push to any protected branch
- Delete protected branches or tags
- Bypass CI checks
- Merge without required reviews
✅ What You Should Do
Section titled “✅ What You Should Do”Making Changes
Section titled “Making Changes”-
Create a feature branch from
main:Terminal window git checkout maingit pull origin maingit checkout -b feature/your-feature-name -
Make your changes and commit:
Terminal window git add .git commit -s -m "feat: your descriptive message"Note:
-sflag signs your commit (required!) -
Push to your fork:
Terminal window git push origin feature/your-feature-name -
Open a Pull Request on GitHub
PR Requirements Checklist
Section titled “PR Requirements Checklist”Before your PR can be merged:
- All CI checks pass (test, lint, build, coverage)
- At least 1 approving review from a maintainer
- All review comments are resolved
- Commits are signed (DCO)
- Branch is up-to-date with
main
Required Status Checks
Section titled “Required Status Checks”Your PR must pass these automated checks:
| Check | Description | Fix If Failing |
|---|---|---|
test | Unit tests | Run make test locally |
lint | Code linting | Run make lint locally |
build | Build verification | Run make build locally |
coverage | Coverage + SonarCloud | Check test coverage |
Getting Your PR Merged
Section titled “Getting Your PR Merged”- Wait for CI - All checks must pass
- Request review - Tag appropriate reviewers (see CODEOWNERS)
- Address feedback - Respond to all review comments
- Resolve conflicts - Keep branch up-to-date with main
- Get approval - At least 1 approval required
- Merge - Squash merge (recommended) or rebase
🔧 Common Issues
Section titled “🔧 Common Issues””Commits must be signed”
Section titled “”Commits must be signed””Your commits need a DCO sign-off:
# Sign existing commitsgit rebase --exec 'git commit --amend --no-edit -n -s' -i origin/main
# Force push to your branchgit push --force-with-lease“Branch is out of date”
Section titled ““Branch is out of date””Update your branch with latest main:
git checkout maingit pull origin maingit checkout your-branchgit rebase maingit push --force-with-lease“CI checks failing”
Section titled ““CI checks failing””Run tests locally before pushing:
# Run all checksmake testmake lintmake build
# Fix linting issues automaticallymake fmt“Need code owner review”
Section titled ““Need code owner review””Some files require review from specific teams (see .github/CODEOWNERS):
- Runtime changes → Runtime team
- SDK changes → SDK team
- CI/CD changes → DevOps team
- Documentation → Docs team
The appropriate reviewers will be automatically assigned.
”Conversation not resolved”
Section titled “”Conversation not resolved””All review comments must be marked as resolved:
- Address the comment (make changes or respond)
- Click “Resolve conversation” button
- Wait for reviewer to confirm
🏷️ Tags
Section titled “🏷️ Tags”Version tags are protected and immutable:
- Created automatically by release workflow
- Cannot be deleted once created
- Cannot be moved to different commit
- Pattern:
v*,runtime/v*,sdk/v*, etc.
🆘 Emergency Procedures
Section titled “🆘 Emergency Procedures”For critical production issues:
- Contact a repository admin
- Admin can temporarily adjust protections
- Emergency fix must be documented
- Post-incident review required
- Retroactive PR created
📚 More Information
Section titled “📚 More Information”- Full guide: branch-protection.md
- Contributing: CONTRIBUTING.md
- Release process: release-process.md
- CI/CD pipelines: ci-cd-pipelines.md
💡 Tips
Section titled “💡 Tips”- Smaller PRs are reviewed faster
- Clear descriptions help reviewers understand context
- Passing CI locally before pushing saves time
- Signing commits upfront avoids rework
- Descriptive commit messages help with changelog generation