I have a personal website on GitHub Pages. When I merge into develop, my CI is set up to check out master, reset --hard to develop, build the website, and force push to GitHub.
Is there a way I can protect master from being pushed to by anyone else than my CI's service account, so that the only way to update my website is by pushing a verified build to develop?
Since I don't have an organization account, I can't restrict to a particular user using the feature described in this answer.
