Rulesets configuration for Automatic Delete

[ForteScarlet]

Select Topic Area

Product Feedback

Body

Hello!
I'm having a problem with the ruleset. I have a repository which commonly has two protected branches: main and dev.
main is used to merge from dev, i.e. main <- dev on each release, while dev is used for development.

When I was configuring the ruleset for dev, I wanted it to satisfy:

1. When a PR wants to merge into dev, it needs to do a CI check, and it can use auto-merge to automatically complete the merge when the CI passes.
2. I want auto-merge to automatically delete one-off branches that finish merging if possible, so I've turned on the Automatically delete head branches Loading configuration.
3. I'd like to see that in special cases (e.g. very simple typo fixes), administrators can bypass the rules and submit directly to dev.
4. Restrict deletions.

When I was configuring the ruleset for main, I wanted it to satisfy:

1. When the dev release version is successful (via CI check), it can be auto-merge into main, but don't delete dev.

When I want to satisfy the dev ruleset, I need to configure the CI check and bypass list, but when I'm in the bypass list, the ruleset for main doesn't satisfy the auto-merge but can't delete dev condition, because bypass allows dev to be deleted by me.

So I'd like ruleset to be able to configure auto-delete related behaviours, or make the bypass rules a bit more detailed.

Or is there any way to fulfil the above conditions? I know that Branch protection rules seems to support these conditions, but Rulesets does not.
Rulesets seem to be seen as an alternative to Branch protection rules, but I can't replace the original configuration with Rulesets because of this problem.

[github-actions[bot]]

💬 Your Product Feedback Has Been Submitted 🎉

Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users.

Here's what you can expect moving forward ⏩

• Your input will be carefully reviewed and cataloged by members of our product teams. 
  • Due to the high volume of submissions, we may not always be able to provide individual responses.
  • Rest assured, your feedback will help chart our course for product improvements.
• Other users may engage with your post, sharing their own perspectives or experiences. 
• GitHub staff may reach out for further clarification or insight. 
  • We may 'Answer' your discussion if there is a current solution, workaround, or roadmap/changelog post related to the feedback.

Where to look to see what's shipping 👀

• Read the Changelog for real-time updates on the latest GitHub features, enhancements, and calls for feedback.
• Explore our Product Roadmap, which details upcoming major releases and initiatives.

What you can do in the meantime 💻

• Upvote and comment on other user feedback Discussions that resonate with you.
• Add more information at any point! Useful details include: use cases, relevant labels, desired outcomes, and any accompanying screenshots.

As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities.

Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐

[rlmcneary2]

I have the same rulesets settings and a "qa" branch was automatically deleted - I did not expect this behavior. After investigating I understood what had happened, but I don't like it. It seems like if Restrict deletions is checked matching branches can never be deleted under any circumstances should apply. A second alternative is to require the deletion to have a "bypass approval" option.

[MegaMind1212]

Here’s a possible solution for your rulesets issue:

for dev Ruleset:

try accessing the Settings > Rules > Rulesets, create a ruleset dev-protection targeting refs/heads/dev.
then Enable:
"Require a pull request before merging."
"Require status checks to pass before merging" (add your CI check, e.g., ci-check).
"Restrict deletions."
then Add admins to the bypass list. and Enable "Automatically delete head branches" in Settings > General > Pull Requests.

then for main Ruleset repeat the same process
Create a ruleset main-protection targeting refs/heads/main.
Enable:
"Require a pull request before merging."
"Require status checks to pass before merging" (add your release CI check, e.g., release-ci-check).
"Restrict deletions."
but Don’t add admins to the bypass list.
Auto-Merge:
Enable auto-merge on PRs to dev and from dev to main.

Prevent dev Deletion using this:
yaml

"name: Protect dev Branch from Deletion
on:
delete:
jobs:
protect-dev:
runs-on: ubuntu-latest
if: github.event.ref == 'refs/heads/dev' && github.event.ref_type == 'branch'
steps:
- name: Recreate dev Branch
run: |
git clone https://github.com/${{ github.repository }} repo
cd repo
git checkout main
git branch dev
git push origin dev
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}"

Lastly For the qa Deletion Issue protect qa with a ruleset like dev. If it’s a head branch, manually delete it after merging or disable the auto-delete setting.
Let me know if this helps by any means thanks.

[ForteScarlet]

If I understand correctly, is this a way to 'not delete the dev branch' by reverting the dev branch? Personal opinion: I think it would be better to just go back to using Branch protection rules: it doesn't need an extra workflow to restore branches in real time.
Thanks for the advice though! It would be nice if the officials could refine the Rulesets a bit more. 😿

[aa333]

Same issue here
✅ release and develop branches are restricted (except bypass)
✅ release and develop branches have develop and hotfix PRs from feature branches, which should be deleted after PR is merged
⚠️ backmerge PR from release to develop causes release branch to be deleted. This also causes all PRs open to release to change target. Which is... inconvenient.

Bypasses must be enabled to allow backmerge with merge commit when using queue+squash (see https://github.com/orgs/community/discussions/68723).

So the only way right now is to clean up branches manually.

[thiagobrucezzi]

Hey, just wanted to share something I noticed today. I was testing branch deletion behavior and it seems like this issue has been fixed — a branch covered only by a ruleset with "Restrict deletions" enabled can no longer be deleted manually, which previously was possible.

That said, I couldn't find any changelog entry from GitHub mentioning this fix was shipped.

As a workaround, I used to add the branch to Classic Branch Protection Rules in addition to the ruleset just to prevent accidental deletion. It seems like that's no longer necessary, and rulesets
alone are now enough to protect branches from being deleted.