Repositories which have protected branches with push restrictions have no ability to grant push rights to Integrations




Is this still actually being discussed or has it been dropped? It would be great to know if this is considered something that will still be addressed, as whilst we have a temporary workaround we’d like to be able to commit to a process to carry this out.

We are doing something very similar to the use case @coreycoto has, and given that, it seems this is not an edge case.



Re: namespace of apps, I noticed recently that when you filter GitHub Issues, you can filter via app name with syntax like so: author:app/theappname


Our organization is also being blocked by this. I only found out after I created an integration bot to handle fast-forwarding of pull requests to specific branches that this is an issue, and the issue didn’t ever show itself to me until I found this is what causes the “mergeable_state” field on a PR to be “blocked” for the app:


I’m off to waste time reworking my bot to use a user authentication key.

This is asenine, any updates github? this has been open for over a year, and has been “investigated” with a “reproduction case” and “failing integration test” for over 6 months.


Any progress on this on Github? We, too, are very interested in this.


:wave: hi everyone, heads up: we aren’t ignoring this request. There is work underway and we are progressing, but it will still take time until we ship the final solution.

Thanks for the patience and understanding!


We use an automated tool that handles releases and needs to push to master (nlm). We wanted to use protected branches since they came out but were never able to because of this issue. Definitely looking forward to a resolution! :slight_smile:


We use an app from the GitHub Marketplace to handle updating our dependencies, but the app cannot merge the PRs it makes because the master branch is protected.


We are in the exact same case and we’re also interested in a solution

We use an app from the GitHub Marketplace to handle updating our dependencies, but the app cannot merge the PRs it makes because the master branch is protected.


Any update @vroldanbet? It’s been a few months since the last update.


Unfortunately no updates :disappointed_relieved:


We’re running into the exact same problem as well, so +1 for a first-class resolution to this (either having a permission that allows an app to merge to protected branches or having a way to have repo owners specify that an app can merge to its protected branches).

For others who have already encountered this – any feedback/experience with workarounds? My current plan is to require users/orgs to register separate tokens with the app that can perform the push operations since this seems to be the most straightforward approach (although still a pain because we’ll need manual process to register and store these tokens). Some kind of OAuth flow seems like it might be more user-friendly, but I haven’t been able to come up with a workflow that makes sense.

If anyone here has come up with a work-around for this that they found to be effective any input would appreciated!


What does “no updates” mean? Has the work been dropped, or is there still work underway and progression on this?


Sorry for my ambiguous response. I meant there is no news with respect to this request. AFAIK this is on our backlog and still not prioritized.


We’ve just start using dependabot to manage our dependencies updates but, despite working awesomely, the bot can’t perform the last step of merging the PR because we have a protected branch requiring reviews.
In this case, we are perfectly willing to authorize the bot to merge without any review required.
Please make it happen!


+1, would love to set branch protection rule for github app.