Skip to content

Protect Your Codebase With GitHub Pull Request Gate

Roméo: https://www.pexels.com/fi-fi/kuva/kaupunki-rakennus-arkkitehtuuri-matkustaa-1560102/

As your codebase grows and more people contribute to it, it becomes increasingly important to maintain quality and prevent bugs from slipping into production. This is where the GitHub Pull Request Gate comes in.

A GitHub Pull Request Gate is a set of automated checks that are run on a pull request before it is merged into the main codebase. These checks can include tests, code quality checks, security scans, and more. The purpose of the Pull Request Gate is to ensure that the proposed changes meet certain quality standards and do not introduce new bugs or vulnerabilities.

How to set up a GitHub Pull Request Gate?

Setting up a Pull Request Gate is relatively simple. First, you need to identify the checks that you want to run on each pull request. These could include tests that ensure the code is functioning as expected, code quality checks that enforce best practices and prevent common errors, or security scans that identify potential vulnerabilities.

Once you’ve identified the checks you want to run, you can create GitHub Action that is run on each pull request. GitHub has lot of ready made action tasks that helps to do this, but I will show how you can do it for .NET build.

Finally, you’ll want to configure your repository to enforce the Pull Request Gate. This can be done using GitHub’s branch protection settings, which allow you to specify that certain checks must pass before a pull request can be merged into the main branch.

Create GitHub Action

First we create a GitHub Action that builds our .NET project. While you can include integration tests, security checks, and other steps in this job, we’ll keep it simple for now and focus on building our codebase (which is an effective PR gate in itself) and of course run the uni tests. If you are completely new to GitHub Actions check first this great Quickstart tutorial.

In this sample we have project called ExampleBlazorApp, that is located under ExampleBlazorApp folder in the repository. That folder contains also the solution file called ExampleBlazorApp.sln. We use ubuntu-latest image, setup .NET version 7.0.x, call dotnet restore, build and finally run the unit tests from that solution.

name: .NET

on:
  push:
    branches: [ "main" ]

jobs:
  build:

    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v3
    - name: Setup .NET
      uses: actions/setup-dotnet@v3
      with:
        dotnet-version: 7.0.x
    - name: Restore dependencies
      run: dotnet restore ExampleBlazorApp/ExampleBlazorApp.sln
    - name: Build
      run: dotnet build --no-restore ExampleBlazorApp/ExampleBlazorApp.sln
    - name: Test
      run: dotnet test --no-build --verbosity normal ExampleBlazorApp/ExampleBlazorApp.sln

We want to ensure that this Action runs before a pull request is accepted, guaranteeing that our main branch always compiles and passes tests. Under Settings > Branches we can define branch protection rules, which needs to be fulfilled before pull requests can be accepted.

Create new Branch protection rule from settings > branches menu

Click add rule to create new branch protection rule and type the name of your main branch into branch name pattern field. Then check “Require status checks to pass before merging” and type in the name of build job, which verifies the pull request. Note that build is case sensitive and if you type it in a wrong casing, you need to re-create the rule to get it working properly.

Check “Require status checks to pass before merging” for PR gate

After creating the rule we can test it by creating a new pull request and identifying that we cannot merge it until the build is finished and the code is compiling.

Failing build cannot be merged when branch protection is enabled

Summary

The GitHub Pull Request Gate is a powerful tool for ensuring the quality and stability of a codebase. By automating checks and requiring certain standards to be met before a pull request can be merged, you can reduce the risk of bugs and other issues making it into production. If you’re not already using a Pull Request Gate in your development workflow, it’s definitely worth considering.