Here is a comprehensive tutorial for understanding and configuring Protected Branches in GitLab 18.0, based on the image you’ve provided and the latest official documentation.
š GitLab Protected Branches ā Tutorial Guide (v18.0)
š Purpose:
Protecting branches in GitLab helps teams:
- Prevent force pushes
- Restrict who can merge or push
- Enforce code review via merge requests
- Safeguard main/stable branches from accidental or unauthorized changes
š What is a Protected Branch?
A protected branch is a Git branch that has rules and restrictions applied to prevent:
- Direct pushes (without approvals or pipelines)
- Deletion by mistake
- Bypassing CI/CD requirements
GitLab typically uses it for main, master, release/*, or production.
ā Capabilities of Protected Branches
| Restriction | Description |
|---|---|
| Prevent Direct Pushes | Only selected roles can push |
| Prevent Force Pushes | Force-push is disabled |
| Restrict Who Can Merge | Only selected users/roles can merge |
| Require Merge Requests | Enforce review before integration |
| Status Check Enforcement (EE+) | Only allow merge if pipelines pass |
š ļø How to Protect a Branch in GitLab (GitLab Cloud / v18.0+)
š¹ Option 1: Using Branch Rules (Recommended)
Step-by-Step:
- Go to your Project ā Settings ā Repository
- Scroll to Branch Rules
- Click āAdd branch ruleā
- In the modal:
- Branch name: e.g.,
mainorrelease/* - Allowed to push: Choose
Maintainers,Developers + Maintainers, or custom users/groups - Allowed to merge: Choose same
- Optionally enable:
- ā Require merge request approvals
- ā Require successful pipeline
- Branch name: e.g.,
- Click āCreateā
šÆ Now the branch is protected under branch rules ā future pushes & merges are restricted.
š¹ Option 2: [Legacy] Using Protected Branches Panel (Deprecated)
In GitLab 18.0+, this is deprecated and migrated under Branch Rules UI.
Still visible under:Settings ā Repository ā Protected branchessection.
Here:
- You can protect/unprotect branches
- Define who can push/merge
- Redirects to Branch Rules now
šÆ Best Practices
- ā Protect all main, release, and production branches
- ā Require merge requests to enforce peer reviews
- ā Require pipeline success before merge (CI/CD)
- ā Allow only maintainers to merge into protected branches
- š« Avoid giving push access to Developers on protected branches unless justified
š” Real-World Example: Protect main Branch
| Setting | Value |
|---|---|
| Branch name | main |
| Allowed to push | Maintainers only |
| Allowed to merge | Maintainers only |
| Require pipeline | ā Enabled |
| Require approvals | ā Enabled (2 reviewers) |
š CLI Tip (Git)
Once protected:
# Direct push will fail (if you're not allowed)
git push origin main
# You must open a Merge Request instead
Code language: PHP (php)š· Reference Screenshot Explanation (from your image)
- ā
Branch Rules are shown for
main(default, protected) - ā Add new rules via “Add branch rule”
- š Protected Branches section redirects to branch rules (GitLab is deprecating old interface)
š§Ŗ Need More?
Iām a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.
Do you want to learn Quantum Computing?
Please find my social handles as below;
Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND
