fix: update CI workflow and pre-push hook to include 'dev' branch restrictions #19
Code Review
This pull request updates the .husky/pre-push hook to restrict direct pushes to the dev branch in addition to beta and main. The reviewer identified a reliability issue where checking the local branch (HEAD) can be bypassed during pushes, and provided a code suggestion to read target remote refs from standard input instead.
| if [ "$branch" = "dev" ] || [ "$branch" = "beta" ] || [ "$branch" = "main" ]; then | ||
| echo "Direct pushes to '$branch' are not allowed. Open a pull request to dev, then promote dev -> beta -> main." |
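Review bot: on the `if` line the test is against `$branch`, and nothing in this hunk shows that value being taken from the push destination. A pre-push hook receives `<local ref> <local sha> <remote ref> <remote sha>` lines on stdin, so the comparison should be made on the remote ref field, which names the branch actually being written. The message on the `echo` line goes to stdout; redirecting it with `>&2` keeps it with git's other push diagnostics. Because a local hook is skipped by `git push --no-verify`, server-side branch protection on dev, beta and main should stay the enforcing control, with this hook serving as an early warning.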
Checking the current local branch (HEAD) in a pre-push hook is unreliable and can be easily bypassed. For example, if a developer is on a feature branch but runs git push origin feature:dev, the hook will check the current branch (feature) and allow the direct push to dev. Conversely, if they are on dev and push to a safe personal branch, they will be blocked.
Instead, a pre-push hook should read the refs being pushed from standard input (stdin). We can use grep to check if any of the target remote refs match the protected branches (dev, beta, or main).
```sh
if grep -qE '^[^ ]+ [^ ]+ refs/heads/(dev|beta|main) '; then
  echo "Direct pushes to protected branches are not allowed. Open a pull request to dev, then promote dev -> beta -> main."
```
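The stdin-based check described in this review comment, written out as an added example (it is not the repository's hook or the reviewer's code). It goes one step past the grep one-liner by reporting which remote refs matched. The function names `blocked_refs` and `pre_push_check` are hypothetical, and the sample stdin lines and object names are constructed.

```shell
#!/bin/sh
# Added example (not the repository's hook). Protected names come from the PR.
PROTECTED_BRANCHES='dev beta main'

# git feeds pre-push one line per ref on stdin:
#   <local ref> <local sha> <remote ref> <remote sha>
# Prints every protected remote ref in the push; returns 1 if there is one.
blocked_refs() {
    found=0
    while read -r local_ref local_sha remote_ref remote_sha; do
        for name in $PROTECTED_BRANCHES; do
            if [ "$remote_ref" = "refs/heads/$name" ]; then
                printf '%s\n' "$remote_ref"
                found=1
            fi
        done
    done
    return "$found"
}

# Hook body: in .husky/pre-push this would end with `pre_push_check || exit 1`.
pre_push_check() {
    if ! hits=$(blocked_refs); then
        echo "Direct pushes to protected branches are not allowed: $hits" >&2
        echo "Open a pull request to dev, then promote dev -> beta -> main." >&2
        return 1
    fi
}

# Constructed stdin samples (object names are placeholders, not real commits).
A=1111111111111111111111111111111111111111
Z=0000000000000000000000000000000000000000
# On local branch "feature", running: git push origin feature:dev
CROSS_PUSH="refs/heads/feature $A refs/heads/dev $Z"
# On local branch "dev", pushing to a personal branch
SAFE_PUSH="refs/heads/dev $A refs/heads/my-topic $Z"
# Two refs in one push, one of them protected
MULTI_PUSH="refs/heads/fix $A refs/heads/fix $Z
refs/heads/rel $A refs/heads/main $A"

for sample in "$CROSS_PUSH" "$SAFE_PUSH" "$MULTI_PUSH"; do
    if printf '%s\n' "$sample" | pre_push_check 2>/dev/null; then
        echo "allowed"
    else
        echo "rejected"
    fi
done
```

The decision depends only on the third stdin field, so the checked-out branch has no effect on the result in either direction.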