Problem
The repository has no branch protection rules configured, leaving main open to direct pushes and unreviewed merges.
The .NET SDK, LSP, and Samples repos all enforce branch protection through their CI workflows and CODEOWNERS — the Python SDK should match.
What needs to be configured
Branch protection on main
Configure via GitHub repo settings (Settings → Branches → Branch protection rules):
| Setting |
Value |
Rationale |
| Require pull request before merging |
Yes |
Prevents direct pushes to main |
| Required approvals |
1 |
Matches .NET SDK pattern |
| Dismiss stale approvals |
Yes |
Re-review after force-push |
| Require status checks to pass |
Yes |
CI must be green |
| Required status checks |
lint, build-and-test |
From ci.yml (after #2 is completed) |
| Require branches to be up to date |
Yes |
No stale merges |
| Require conversation resolution |
Yes |
All review comments addressed |
| Restrict who can push |
Admins only |
Standard for Azure org repos |
CODEOWNERS verification
The existing CODEOWNERS file assigns @Azure/azure-logicapps-team — verify this team exists and has write access to the repo.
Prerequisites
Acceptance criteria
Problem
The repository has no branch protection rules configured, leaving
mainopen to direct pushes and unreviewed merges.The .NET SDK, LSP, and Samples repos all enforce branch protection through their CI workflows and CODEOWNERS — the Python SDK should match.
What needs to be configured
Branch protection on
mainConfigure via GitHub repo settings (Settings → Branches → Branch protection rules):
lint,build-and-testCODEOWNERS verification
The existing
CODEOWNERSfile assigns@Azure/azure-logicapps-team— verify this team exists and has write access to the repo.Prerequisites
Acceptance criteria
mainbranch requires PR with at least 1 approvalmainblocked for non-admins