Please Make Basic Branch Protection Free for Private Repositories

[corigne]

Select Topic Area

Product Feedback

Body

GitHub’s free private repositories don’t allow simple branch protection (e.g., ‘no direct pushes to main’). This limitation creates unnecessary friction for student and small project groups, and I believe it should be available on free accounts.

For context as to why this is an issue, I have a GitHub educational license. I have had one for several years now as I've gone back to University to pursue my education full time. Recently, and on several other occasions, I have needed to group with other GitHub users over an extended, but limited, period of time and create several repositories to produce as proof of work. The administrative overhead of setting up a new private repo under a single educational license multiple times for the same three to five users is inconvenient, at best, but can suffice with patience.

However, this time I must give another developer in my class project group administrative access, and we must give our TA "Read Only" privileges so they may assess our work. We are strongly discouraged from publicizing our repository, for the purposes of academic integrity. The Professor, however encourages us to use GitHub because it is the standard and offers useful quality of life features like projects, actions, free runner minutes, etc.

We can't manage the level of granularity needed to meet these requirements well with a single private repository, so we needed to use an organization. However, before transferring there was little-to-no indication that transferring the repositories would result in dropping enforcement of branch protection rules, previously established. We find out after everyone has migrated to the new organization and adjusted their local environments.

The educational license benefits are gone, and with it our main branch protection rules. As someone who has experienced catastrophic repository mangling more than once at the hands of an inexperienced or lazy team member,, I argue vehemently that simple branch protections are necessary and fundamental for all projects.

We could switch to use GitLab or GitTea or some other service, probably, but the technical and social costs of migrating everything over to another service is too high. We would be asking the group to create new accounts, or I'd have to transferring the repo back to a private individual repo, fixing the settings again, and then get everyone to change their local setups, again.

The restriction is inconvenient, and honestly feels arbitrary. Our primary options are: accept the risk, accept major inconvenience, or pay money we don't really have. If we were a project with income, members or a corporation with licensing, or a funded lab, this wouldn't be a question. We would understand paying for licenses, because we would likely need to numerous other paid features GitHub offers, and that is where GitHub's paid market comfortably sits. However, we are not a company, we are not seeking income, we are not members of a lab, and this has come up more times than I can think of in similar contexts.

GitHub's Team and Enterprise offerings have such a massive feature-set outside of just branch/org/repo rules that I believe allowing, at a minimum, simple templates for branch rules like "no push to main" to become a free feature would be a massive quality of life improvement and create a more positive experience for all users, and without diminishing the value of the paid tiers. It appears on close inspect to be a missing core feature, withheld to push users into matriculating rather than an additional feature only some users may want.

In the modern context of GitHub's feature offering, at least the simplest branch rules surely can't incur such significant cost as to justify requiring paid licensing. As a counterpoint, I acknowledge that in GitHub's earlier sparser offering, this was part of the much smaller feature-set and protected GitHub for exploitation. However with Microsoft's technical expertise behind GitHub, they are more than capable of detecting and handling abuse where it might occur.

To acknowledge and counter the idea that this feature separation provides clear and reasonable product segmentation, I would argue that the mixture of Private/Public rule-set differences, the large number of significantly more expensive to implement free tier features, and offering Team benefits to educational licenses but not small educational groups muddies the waters substantially as to what is reasonable and is not. What is reasonable is just what is presented, "as is".

Taking stock of GitHub's free and paid features without knowledge of their tiers or costs, would you classify regex based branch protection as basic functionality justifying a paid tier, or as fundamental and simple compared to the other features?

In a modern context, the value proposition of the Team and Enterprise tiers are enticing enough to prevent most forms abuse, in my opinion. I believe it may not have been the case at the time which the original decision regarding branch protection rules was made, and that a reassessment of this offering is well overdue.

As I've explained above, offering branch rules to everyone in private repositories is trivial. Please make them available to everyone or, at a minimum, expand individual educational licenses to apply to small project organizations to cover this obvious gap.

Thanks for reading.

Nathan Jodoin

[github-actions[bot]]

💬 Your Product Feedback Has Been Submitted 🎉

Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users.

Here's what you can expect moving forward ⏩

• Your input will be carefully reviewed and cataloged by members of our product teams. 
  • Due to the high volume of submissions, we may not always be able to provide individual responses.
  • Rest assured, your feedback will help chart our course for product improvements.
• Other users may engage with your post, sharing their own perspectives or experiences. 
• GitHub staff may reach out for further clarification or insight. 
  • We may 'Answer' your discussion if there is a current solution, workaround, or roadmap/changelog post related to the feedback.

Where to look to see what's shipping 👀

• Read the Changelog for real-time updates on the latest GitHub features, enhancements, and calls for feedback.
• Explore our Product Roadmap, which details upcoming major releases and initiatives.

What you can do in the meantime 💻

• Upvote and comment on other user feedback Discussions that resonate with you.
• Add more information at any point! Useful details include: use cases, relevant labels, desired outcomes, and any accompanying screenshots.

As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities.

Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐

[poncema4]

Thanks for taking the time to share such detailed feedback. I can see how the lack of branch protection on free private repositories creates real challenges, especially in collaborative educational projects.

Currently, branch protection for private repositories is included only with GitHub’s Team and Enterprise plans, which is why you’re seeing the limitation when using an organization. While I don’t have a workaround that fully replaces branch protection, here are a couple of options you might consider:

Keep the repository under an individual account with an educational license, where branch protection remains available.

Use pull request reviews and required approvals as a lightweight safeguard, even without branch rules.

Reach out to GitHub Education Support

• since you have an educational license, they may be able to clarify options for group projects.

Your suggestion to extend basic branch protection to free org/private repos is great product feedback. I encourage you to also share it directly in the GitHub Feedback Discussions where the product team actively reviews requests.

[corigne]

Thank you for your reply!

As suggested, I've shared the content of this post as public discussion. It was not immediately clear to me that the Product Feedback category was separated in this way.

I will also look into option with the Educational team, however I am hopeful that further discussion with the community will be fruitful.

I'm going to leave this open, for a bit, and then once I've found some solution I will review and likely mark this as the answer.

[poncema4]

Thank you for your reply!

As suggested, I've shared the content of this post as public discussion. It was not immediately clear to me that the Product Feedback category was separated in this way.

I will also look into option with the Educational team, however I am hopeful that further discussion with the community will be fruitful.

I'm going to leave this open, for a bit, and then once I've found some solution I will review and likely mark this as the answer.

Hope you found a more in depth solution with my assistance and hope to have been helpful! :)

[hansmbakker]

It is available in the discussions at https://github.com/orgs/community/discussions/174419

[abren93]

just move to GITLAB