Repository Rulesets
Advanced branch protection with granular control over commits, merges, and file restrictions.
Overview
Repository Rulesets extend basic branch protection with advanced rules for commit validation, file restrictions, and merge requirements. They provide more flexibility than traditional branch protection rules.
Key Advantages
- Commit Validation — Require signed commits, validate message format
- File Restrictions — Block specific paths, extensions, or large files
- Dry-Run Mode — Test rules without enforcing them
- Bypass Actors — Allow specific users/teams to bypass rules
- Merge Queue — Automated batch merging
Creating Rulesets
From a Template
- Go to repository Settings → Rulesets
- Select a template (Basic, Standard, Strict, or Enterprise)
- Customize the name and branch patterns
- Click Create
Custom Ruleset
- Click Create Custom Ruleset
- Enter a name and description
- Choose enforcement mode
- Select target branches
- Configure rules
- Add bypass actors (optional)
- Click Save
Templates
Basic
Minimal protection for simple workflows.
- Prevent branch/tag deletion
- Block force pushes
Standard (Recommended)
Balanced protection for most teams.
- Everything in Basic
- Require 1 approving review
- Require conversation resolution
- Require Jasper review status check
Strict
Enhanced protection for critical branches.
- Everything in Standard
- Require 2 approving reviews
- Require code owner approval
- Require signed commits (GPG)
- Require linear history
- Dismiss stale reviews on push
Enterprise
Maximum protection with compliance features.
- Everything in Strict
- Require conventional commit messages
- Additional branch coverage (main, release/*, hotfix/*)
Rule Types
Branch/Tag Restrictions
| Rule | Description |
|---|---|
| deletion | Prevent deletion of branches/tags |
| non_fast_forward | Block force pushes |
| creation | Prevent creation of matching refs |
| update | Block updates to matching refs |
Pull Request Rules
| Parameter | Description |
|---|---|
| required_approving_review_count | Number of approvals required (0-10) |
| dismiss_stale_reviews_on_push | Dismiss approvals when new commits are pushed |
| require_code_owner_review | Require approval from code owners |
| require_last_push_approval | Most recent pusher cannot approve |
| required_review_thread_resolution | All conversations must be resolved |
Commit Rules
| Rule | Description |
|---|---|
| required_signatures | Require GPG-signed commits |
| required_linear_history | Only squash/rebase merges allowed |
| commit_message_pattern | Validate commit message format |
| commit_author_email_pattern | Validate author email domain |
Commit Message Pattern Example
Enforce Conventional Commits:
Pattern: ^(feat|fix|docs|style|refactor|test|chore)(\(.+\))?:.+
Example: feat(auth): add OAuth2 support
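What the pattern above accepts and rejects, as an added example that is not part of Jasper or GitHub. It assumes Python's re treats this pattern the same way the enforcing engine does; STRICT_PATTERN is a hypothetical tighter variant included only for comparison, and the sample messages are constructed.

```python
import re

# Pattern exactly as shown on this page.
PAGE_PATTERN = re.compile(r"^(feat|fix|docs|style|refactor|test|chore)(\(.+\))?:.+")

# Hypothetical stricter variant (an assumption for comparison, not a Jasper or
# GitHub default): a single scope with no nested parentheses, an optional "!",
# a space after the colon, and a subject that starts with a non-space character.
STRICT_PATTERN = re.compile(
    r"^(feat|fix|docs|style|refactor|test|chore)(\([^()\s]+\))?!?: \S.*"
)

# Constructed commit subjects covering the edge cases.
SAMPLES = [
    "feat(auth): add OAuth2 support",  # the page's own example
    "fix: handle empty token",
    "feat:x",                          # no space after the colon
    "fix(a)(b): two scopes",           # greedy .+ spans ")(" inside the scope
    "feat(api)!: drop v1 endpoints",   # breaking-change marker
    "Fix: capitalised type",           # matching is case-sensitive
    "perf: faster lookup",             # type not in the allowed list
    "update readme",                   # no type prefix at all
]


def classify(messages, pattern):
    """Map each message to True (accepted) or False (rejected)."""
    return {m: bool(pattern.match(m)) for m in messages}


def differences(messages):
    """Messages on which the page's pattern and the stricter variant disagree."""
    page = classify(messages, PAGE_PATTERN)
    strict = classify(messages, STRICT_PATTERN)
    return [m for m in messages if page[m] != strict[m]]


if __name__ == "__main__":
    for msg, ok in classify(SAMPLES, PAGE_PATTERN).items():
        print("accept" if ok else "reject", "|", msg)
    print("patterns disagree on:", differences(SAMPLES))
```

Running candidate patterns against real commit subjects from the repository while the ruleset is in Evaluate mode shows which existing habits a pattern would block before it is enforced.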
File Restrictions
| Rule | Description |
|---|---|
| file_path_restriction | Block specific file paths |
| file_extension_restriction | Block specific file types |
| max_file_size | Limit file size (default: 10MB) |
| max_file_path_length | Limit path length (1-256) |
Advanced Rules
| Rule | Description |
|---|---|
| merge_queue | Automatic batch merging |
| required_deployments | Require deployment to environment |
| code_scanning | Require code scanning pass |
| workflows | Require specific Actions workflows |
Enforcement Modes
| Mode | Description |
|---|---|
| Active | Rules are enforced and block non-compliant actions |
| Evaluate | Dry-run mode — violations logged but not blocked |
| Disabled | Ruleset is inactive |
Tip: Use "Evaluate" mode to test new rules before enforcing them. Check GitHub's ruleset insights to see what would be blocked.
GitHub Sync
Rulesets sync with GitHub automatically:
Push to GitHub
- Create or modify a ruleset in Jasper
- Click Sync to GitHub
- Ruleset is created/updated on GitHub
Import from GitHub
- Click Import from GitHub
- All GitHub rulesets are imported
- Externally created rulesets are marked accordingly
Sync Status
- Synced — In sync with GitHub
- Pending — Changes need to be synced
- Error — Sync failed (check error message)
Bypass Actors
Allow specific users, teams, or apps to bypass rules:
- Organization Admins — All org admins can bypass
- Repository Admins — Repo admins can bypass
- Specific Teams — Named teams can bypass
- GitHub Apps — Specific apps can bypass
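An added example, not part of Jasper or GitHub: a check that compares one ruleset, in the JSON shape GitHub's REST API uses for repository rulesets, with the Standard template described above and flags Evaluate mode and always-on bypass actors. The sample ruleset, its actor IDs and the choice of Standard as the baseline are assumptions made for the example.

```python
# Constructed sample in the shape of a GitHub repository ruleset as the REST
# API returns it; every value here is made up for the example.
SAMPLE_RULESET = {
    "name": "main-protection",
    "target": "branch",
    "enforcement": "evaluate",
    "conditions": {"ref_name": {"include": ["refs/heads/main"], "exclude": []}},
    "bypass_actors": [
        {"actor_id": 1, "actor_type": "OrganizationAdmin", "bypass_mode": "always"},
        {"actor_id": 4242, "actor_type": "Team", "bypass_mode": "pull_request"},
    ],
    "rules": [
        {"type": "deletion"},
        {"type": "pull_request", "parameters": {
            "required_approving_review_count": 0,
            "required_review_thread_resolution": True,
        }},
    ],
}


def audit_ruleset(rs):
    """Compare one ruleset with the Standard template; return a list of findings."""
    findings = []
    mode = rs.get("enforcement")
    if mode != "active":
        findings.append(f"enforcement is {mode!r}: violations are not blocked")
    for actor in rs.get("bypass_actors") or []:
        # "always" also covers direct pushes; "pull_request" limits the bypass
        # to pull requests.
        if actor.get("bypass_mode") == "always":
            findings.append(f"{actor.get('actor_type')} can always bypass")
    rules = {r["type"]: r.get("parameters") or {} for r in rs.get("rules", [])}
    for rule_type in ("deletion", "non_fast_forward"):
        if rule_type not in rules:
            findings.append(f"missing rule: {rule_type}")
    pr = rules.get("pull_request")
    if pr is None:
        findings.append("missing rule: pull_request")
    else:
        if pr.get("required_approving_review_count", 0) < 1:
            findings.append("required_approving_review_count is below 1")
        if not pr.get("required_review_thread_resolution", False):
            findings.append("required_review_thread_resolution is off")
    return findings


if __name__ == "__main__":
    for finding in audit_ruleset(SAMPLE_RULESET):
        print("-", finding)
```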
Rulesets vs Branch Protection
| Feature | Branch Protection | Rulesets |
|---|---|---|
| Review requirements | Yes | Yes |
| Status checks | Yes | Yes |
| Force push blocking | Yes | Yes |
| Commit signatures | No | Yes |
| Commit message validation | No | Yes |
| File restrictions | No | Yes |
| Merge queue | No | Yes |
| Dry-run mode | No | Yes |
| Bypass actors | Limited | Yes |
Best Practices
- Start with Standard — Use the Standard template for most projects
- Test with Evaluate — Use dry-run mode before enforcing
- Use Conventional Commits — Consistent commit messages help automation
- Require Signatures — GPG-signed commits verify author identity
- Keep rulesets minimal — Don't add rules you won't enforce