this post was submitted on 30 May 2026
107 points (99.1% liked)
Programming
27246 readers
204 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Startups hack things in to production?
Shocked, I tell you.
Right? The part that surprised me was that most of them turn branch protection ON and then don't require any check to pass. So the gate is there, it just doesn't gate anything. Makes me wonder if private repos are the same or if the public ones just get less attention.
Not a start up, but we require code review, even though it is not enforced via rules, to allow emergency overrides.
Gets used maybe once every 300 pull requests though.
Convention over configuration is a thing - so maybe look into their actual merge behavior?
Good distinction. If it's useful, GitHub lets you require checks and still grant a bypass for specific people or teams, so the hard rule and the emergency escape hatch can coexist, and the scan reads that as passing. Could be you've already weighed that, in which case ignore me.