TFS-Git Branch Policies

Question

I am having a hard time understanding branch policies, i was reading through the following article https://www.visualstudio.com/en-us/docs/git/branch-policies.

Maybe i am reading it wrong but why are polices set on the pull and not the push seems a bit late in the process
Why cant you block users from merging/pushing lets say one branch into another?

I want to be able to push features into my master branch but I don't ever want someone to merge my develop branch into the master branch

Can you do something like that.

Related post - [Protecting a git branch in Visual Studio Team Services](https://stackoverflow.com/q/28134314/465053) — RBT, Apr 09 '19 at 11:12

score 2 · Answer 1 · answered May 18 '17 at 08:02

The policies are set for "pull requests", which is a feature in TFS/VSTS - similar to GitHub - where you create a "request to merge branches". This has nothing to do with the git pull and git push commands / workflow.

When your require pull requests for a certain branch, this no longer allows users to directly git push to that branch but requires them to push to a new branch and create a "pull request" to merge the two branches. The policies then allow you to set requirements like required reviewers (this will allow you to deny merges into your master branch).

score 2 · Accepted Answer · edited May 23 '17 at 11:55

Branch policy is something like the concept of check in policy in TFS. After enable check in policy, the user is required to take actions when they conduct a check-in to source control, for example a user can be required to associate a work item with a changeset or add a check in comment.

In the same way, after you setting up a branch policy, you cannot directly push changes to the branch. Changes to the branch are only made through pull requests.

Pull request is a feature name in TFS, it's nothing business with the concept of pull/push in git.

As for block users from merging/pushing, it's another concept Permission in TFS. Only users with Contribute permission can push new commits to the branch and lock the branch. If you are interested in this, you could take a look at here: Set branch permissions-GIT

Update

To push features into my master branch, you could use git command

git push origin branch1:branch2

More details please refer this question: Push commits to another branch

For I don't ever want someone to merge my develop branch into the master branch. You could set the permission of your develop branch, just deny other's Contribute permission on the develop branch.(Note: this will also disallow their push commits to your develop branch, there is not any only merge related permission in TFS Git)

If you want to use branch policy, you could prevent others merging your develop branch by setting must pass your code review. However, then you could not directly push features into the master branch. The detail reason just refer the second paragraph in Martin's answer.

Another workaround is temporary locking your develop branch which ideal for preventing new changes that might conflict with an important merge or to place a branch into a read-only state.

Thanks Patrick, seems a bit weird that you have to jump through so many hoops. We want our developers to merge their features to the develop branch, we just don't want them to merge directly to master, because some features might pass UAT and other wont. So essentially we only want features to be merge to Masters. — R4nc1d, May 19 '17 at 06:17
@R4nc1d Got it. If so, you could deny the users' contribute permission on master branch. They could only work on the develop branch and they can push their local features to the develop branch. Also enable some persons' contribute permission in project admin group, they should use `git rebase` command to rebase some commits in the develop branch to the master branch. After all you don't want to merge all features in the develop branch to master. This is the best processes. — PatrickLu-MSFT, May 19 '17 at 07:43

TFS-Git Branch Policies

2 Answers2

Update

Linked