Managing rulesets for a repository

In this article

You can edit, monitor, and delete existing rulesets in a repository to alter how people can interact with specific branches and tags.

Who can use this feature

Anyone with read access to a repository can view the repository's rulesets. People with admin access to a repository, or a custom role with the "edit repository rules" permission, can create, edit, and delete rulesets for a repository and view ruleset insights. For more information, see "About custom repository roles."

Rulesets are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, and GitHub Enterprise Cloud. For more information, see "GitHub’s plans."

After creating a ruleset, you can make changes to the ruleset to alter how people can interact with the targeted branches or tags. For example, you can add rules to better protect your branches or tags, or you can switch your ruleset from "Evaluate" mode to "Active" after testing its effects on the contributor experience for your repository.

You can use the REST and GraphQL APIs to manage rulesets. For more information, see "Rules" and "Mutations."

Tip: If you're the owner of an organization, you can create rulesets at the organization level. You can apply these rulesets to specific repositories in your organization, and to specific branches in those repositories. For more information, see "Creating rulesets for repositories in your organization."

Viewing rulesets for a repository

Anyone with read access to a repository can view the rulesets targeting the repository. This can be useful if you want to know why you can't commit to a branch. On the "Rulesets" page, you can view the active rulesets targeting a certain branch or tag. You will also see rulesets running in "Evaluate" mode, which are not enforced.

  1. On GitHub.com, navigate to the main page of the repository.

  2. From the file tree view on the left, select the branch dropdown menu, then click View all branches. You can also find the branch dropdown menu at the top of the integrated file editor.

    Screenshot of the file tree view for a repository. A dropdown menu for branches is expanded and outlined in dark orange.

  3. To the left of the branch, click .

    Screenshot of a list of branches in a repository. Next to the "main" branch, an icon of a shield with a keyhole is highlighted with an orange outline.

  4. Optionally, to view the rulesets for another branch or tag, use the branch selector dropdown menu.

    Screenshot of the "Rulesets" page. Above a ruleset, a dropdown menu, labeled with a branch icon and "team-test," is highlighted with an orange outline.

  5. Click the name of the ruleset you want to view.

Editing a ruleset

Note: If a ruleset was created at the organization level, you cannot edit the ruleset from the repository's settings. If you have permission to edit the ruleset, you can do so in your organization's settings. For more information, see "Managing rulesets for repositories in your organization."

You can edit a ruleset to change parts of the ruleset, such as the name, bypass permissions, or rules. You can also edit a ruleset to change its status, such as if you want to enable or temporarily disable a ruleset.

  1. On GitHub.com, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the left sidebar, under "Code and automation," click Rules, then click Rulesets.

    Screenshot of the sidebar of the "Settings" page for a repository. The "Rules" sub-menu is expanded, and the "Rulesets" option is outlined in orange.

  4. On the "Rulesets" page, click the name of the ruleset you want to edit.

  5. Change the ruleset as required. For information on the available rules, see "Available rules for rulesets."

  6. At the bottom of the page, click Save changes.

Deleting a ruleset

Tip: If you want to temporarily disable a ruleset but do not want to delete it, you can set the ruleset's status to "Disabled." For more information, see "Editing a ruleset."

  1. On GitHub.com, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the left sidebar, under "Code and automation," click Rules, then click Rulesets.

    Screenshot of the sidebar of the "Settings" page for a repository. The "Rules" sub-menu is expanded, and the "Rulesets" option is outlined in orange.

  4. Click the name of the ruleset you want to delete.

  5. To the right of the ruleset's name, select , then click Delete ruleset.

    Screenshot of the page for editing a ruleset. Below a button labeled with three dots, an option labeled "Delete ruleset" is outlined in orange.

Using ruleset history

Notes:

  • Ruleset history is currently in public beta and subject to change.
  • Only changes made to a ruleset after the public beta release, on October 11, 2023, are included in the ruleset history.

You can view all the changes to a ruleset and revert back to a specific iteration. You can also download a JSON file containing the ruleset's configuration at a specific iteration. The bypass list of a ruleset is excluded from the exported JSON file.

  1. On GitHub.com, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the left sidebar, under "Code and automation," click Rules, then click Rulesets.

    Screenshot of the sidebar of the "Settings" page for a repository. The "Rules" sub-menu is expanded, and the "Rulesets" option is outlined in orange.

  4. To view the history of changes to the ruleset, select to the right of the ruleset's name, then click History.

    Screenshot of the page for repository rulesets. Below a button labeled with three dots, an option labeled "History" is outlined in orange.

  5. To the right of the specific iteration, select , then click Compare changes, Restore, or Download.

    Screenshot of the page for repository rulesets history. A dropdown menu labeled with three dots is expanded and highlighted with an orange outline.

Importing a ruleset

You can import a ruleset from another repository or organization using a JSON file. This can be useful if you want to apply the same ruleset to multiple repositories or organizations.

  1. On GitHub.com, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the left sidebar, under "Code and automation," click Rules, then click Rulesets.

    Screenshot of the sidebar of the "Settings" page for a repository. The "Rules" sub-menu is expanded, and the "Rulesets" option is outlined in orange.

  4. Select the New ruleset dropdown, then click Import a ruleset.

    Screenshot of the page for repository rulesets. A dropdown menu labeled "New ruleset" is expanded and the "Import a ruleset" option is highlighted with an orange outline.

  5. Open the exported JSON file.

  6. Review the imported ruleset and click Create.

Viewing insights for rulesets

You can view insights for rulesets to see how rulesets are affecting a repository. On the "Rule Insights" page, you will see a timeline of the following user actions. You can use filters to find what you're looking for.

  • Actions that have been checked against one or more rulesets and passed.
  • Actions that have been checked against one or more rulesets and failed.
  • Actions where someone has bypassed one or more rulesets.

If a ruleset is running in "Evaluate" mode, you can see actions that would have passed or failed if the ruleset had been active.

Screenshot of the "Rule Insights" page. Three actions are listed: one marked "pass," one marked "bypass," and one marked "fail" with an "evaluate" label.

  1. On GitHub.com, navigate to the main page of the repository.

  2. Under your repository name, click Settings. If you cannot see the "Settings" tab, select the dropdown menu, then click Settings.

    Screenshot of a repository header showing the tabs. The "Settings" tab is highlighted by a dark orange outline.

  3. In the left sidebar, under "Code and automation," click Rules, then click Insights.

    Screenshot of the sidebar of the "Settings" page for a repository. The "Rules" sub-menu is expanded, and the "Insights" option is outlined in orange.

  4. On the "Rule Insights" page, use the dropdown menus at the top of the page to filter the actions by ruleset, branch, actor, and time period.

  5. To see which specific rules failed or required a bypass, click , then expand the name of the ruleset.

    Screenshot of the "Rule Insights" page. To the right of an event labeled "octocat created not-allowed," an icon of three horizontal dots is outlined in orange.