Allow all developers to only do merge requests to master

Question

I wish to do the following:

1. Nobody can push directly to master, any attempt would get rejected.
2. Merge Requests can be made by anyone but not approved by anyone, just admins.

Essentially, master is something I want nobody to be able to push to directly, only via pull requests, which only the administrators can approve. This way master branch is protected.

Answer 1

Actually this can be done by protecting your Master branch. Anyone with 'developer' access can make merge requests, and only masters can accept and merge the final merge request! Developers can't touch master branch at all. This of course can be done with other branches as well.

How to protect a branch:

1. Go to your project page
2. Click on 'Commits'
3. Click on Branches
4. Click on Protected
5. Now you can select any branch and press 'Protect' to protect it.

Gitlab's inline help actually explains this feature quite elegantly:

Protected branches designed to prevent push for all except masters.

This ability allows:

- keep stable branches secured
- forced code review before merge to protected branches

Read more about project permissions here

Answer 2

One workaround would be to isolate the master branch in its own repo, owned by the admins.

That way:

• you have to fork that repo
• one of those fork can play the role of "central repo" for the developers (they can push to any branch that want)
• any pull request made to the initial repo (the one with only the master branch) will be validated only by the admins (owner of that repo)