Dev

[UGing265]

PR Type

Enhancement

---

Description

• Add GitHub Actions workflow to enforce dev branch merging policy

• Prevent direct merges to main from non-dev branches

• Fail CI checks when pull requests target main from other branches

---

Diagram Walkthrough

flowchart LR
  PR["Pull Request to main"] --> Check["Check source branch"]
  Check --> IsDev{"Is from dev?"}
  IsDev -->|Yes| Pass["Allow merge"]
  IsDev -->|No| Fail["Fail CI check"]

Loading

File Walkthrough

	Relevant files
Configuration changes	var-branch.yml Add main branch protection workflow                                            .github/workflows/var-branch.yml Create new GitHub Actions workflow triggered on pull requests to main branch Add job to verify that pull requests originate from dev branch Exit with error code 1 if source branch is not dev, blocking the merge Workflow runs on ubuntu-latest environment +15/-0

---

Summary by CodeRabbit

• Chores
  • Added branch protection workflow to enforce pull request source branch requirements for the main branch.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new GitHub Actions workflow is added that enforces branch protection on the main branch. The workflow triggers on pull requests to main and blocks merges unless the source branch is 'dev', returning an exit code of 1 for non-dev branches.

Changes

Cohort / File(s)	Summary
Branch Protection Workflow .github/workflows/var-branch.yml	New GitHub Actions workflow that validates PR source branch is 'dev' before allowing merge to main; exits with error code 1 if condition fails.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Poem

🐰 A branch protection spell, we weave with care,
Only 'dev' may enter, that's our lair!
GitHub Actions guards the golden gate,
Blocking stray branches from their fate.
Main stays pure, pristine, and true—
Thanks to this workflow, through and through! 🔒

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Dev' is vague and does not meaningfully describe the pull request's primary change of implementing a GitHub Actions workflow to enforce branch protection rules.	Replace with a more descriptive title that captures the main change, such as 'Add GitHub Actions workflow to enforce dev-only merges to main' or 'Implement branch protection check via GitHub Actions'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dev

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

.github/workflows/var-branch.yml (1)

1-15: The workflow achieves its goal, but consider a few improvements.

1. The workflow name Var branch main is unclear — consider something like Branch Protection or Guard Main Branch.
2. The error message on Line 14 could be more helpful by telling the user which branch is allowed:

Suggested improvements

-name: Var branch main
+name: Guard main branch
 on:
   pull_request:
     branches:
       - main
 
 jobs:
   check-branch:
     runs-on: ubuntu-latest
     steps:
       - name: Verify source branch
         if: github.head_ref != 'dev'
         run: |
-          echo "Error: Don't merge to main!"
+          echo "Error: Only the 'dev' branch may be merged into main. Source branch: '${{ github.head_ref }}'"
           exit 1

Also note that GitHub's built-in branch protection rules (Settings → Branches → Branch protection rules) can enforce this natively without a CI workflow, which is more tamper-resistant since workflows can be modified by contributors in their PR branch.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
🔴	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Unclear workflow name: The workflow name Var branch main is not self-documenting and does not clearly convey that it blocks non-dev PRs into main. Referred Code name: Var branch main on: Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Security	Prevent PRs from forked dev branches Modify the if condition to also check if the pull request originates from a forked repository, preventing workflow bypasses. .github/workflows/var-branch.yml [12] -if: github.head_ref != 'dev' +if: github.event.pull_request.head.repo.fork || github.head_ref != 'dev' Apply / Chat Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a significant logical flaw that could allow bypassing the intended contribution workflow via forked repositories and provides a correct fix, enhancing the security and integrity of the process.	Medium
General	Use error annotation Use the ::error:: workflow command in the run step to create a clear error annotation in the GitHub Actions UI when the check fails. .github/workflows/var-branch.yml [13-15] run: | - echo "Error: Don't merge to main!" + echo "::error::PR source branch must be 'dev', aborting merge" exit 1 Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion improves user experience by using a GitHub Actions error annotation, which makes workflow failures much more visible in the UI compared to just printing to the logs.	Low
More