Skip to main content

Troubleshooting rules

Learn how to troubleshoot rulesets when you're contributing to a repository.

Who can use this feature?

Rulesets are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, and GitHub Enterprise Cloud.

Troubleshooting rulesets

If you cannot perform an action in a repository and want to know why, you can view the active rulesets targeting the branch or tag you're working with. For more information, see "Managing rulesets for a repository."

Depending on which rules are active, you may need to edit your commit history locally before you can push your commits to the remote branch. For example, if a branch requires commits to be signed, you can update your signing settings, then use an interactive rebase on your local branch to rewrite your Git history with signed commits. For more information, see "Available rules for rulesets" and "Using Git rebase on the command line."

If a branch or tag is targeted by rules restricting the metadata of commits, your commits may be rejected if part of the commit's metadata does not match a certain pattern. For example, you might need to add an issue number to the start of your commit message, or change the name of a new branch or tag you're trying to push to the repository. If your commits are rejected, you will see a message telling you the pattern the relevant metadata needs to match. As with signed commits, you may need to perform a rebase to squash the commits or rewrite each commit individually. For more information, see "Available rules for rulesets."

When utilizing push rulesets, a maximum of 1000 reference updates are allowed per push. If your push exceeds this limit, it will be rejected. For more information see "Creating rulesets for a repository".

Troubleshooting ruleset workflows

Ruleset workflows can be configured at the organization level to require workflows to pass before merging pull requests. For more information, see "Creating rulesets for repositories in your organization."

Ruleset workflows for open pull requests

If you create a rule while a pull request is open, the required workflow will not run automatically. To trigger the required workflow, push a new commit, update your branch, or close and re-open the pull request.

Supported ruleset workflow events

Ruleset workflows support using the pull_request, pull_request_target and merge_group events. As a result, you must specify one or more of these events in the on: section of the workflow for the workflow to be run by a ruleset.

Any filters you specify for the supported events are ignored - for example, branches, branches-ignore, paths, types and so on. The workflow is only triggered, and is always triggered, by the default activity types of the supported events.

EventDefault activity types
pull_requestopened, synchronize, reopened
pull_request_targetopened, synchronize, reopened
merge_groupchecks_requested

For more information, see "Events that trigger workflows."

Ruleset workflows do not run on events triggered by the GITHUB_TOKEN. For more information, see "Automatic token authentication."

Blocking repository creation

A required workflow can block people from creating a repository, since a workflow can't run against a repository that's being initialized. To get around this, the ruleset either needs to have "Evaluate" as the enforcement status, or someone with bypass permissions needs to create the repository and bypass the branch protection.

For more information about enforcement statuses and "Evaluate" mode, see "Creating rulesets for a repository."

For more information about bypass permissions, see "About protected branches."

Branch targets in a ruleset

Verify that your ruleset workflow does not target all branches in the repository. It should only target branches where all changes to the branch are performed by pull requests.

Supported directory

Verify that your workflow file exists in the .github/workflows directory. If you want to run a ruleset workflow on pull_request events in a repository that is not the source repository, you can take any of the following actions:

Using the merge_group trigger

If your repository uses GitHub Actions to perform required checks or if you require workflows via organization rulesets on pull requests in your repository, you need to update the workflows to include the merge_group event as an additional trigger. Otherwise, status checks will not be triggered when you add a pull request to a merge queue. The merge will fail as the required status check will not be reported. The merge_group event is separate from the pull_request and push events.

Source repository permissions

Verify that the source repository permissions are set to "Accessible from repositories in the ORGANIZATION NAME organization."

For more information, see "Managing GitHub Actions settings for a repository."

Source repository privacy settings

Verify that the ruleset workflow file is in a source repository that has the same or less restrictive privacy settings than the repositories you want to run it in. Specifically, a public workflow can run on any repository in your organization, an internal workflow can run on internal and private repositories, and a private workflow can run on private repositories. For more information, see "About workflows."

Permissions for creating a new repository

To create a new repository when a ruleset workflow is configured, ensure that you have bypass permissions for your ruleset. For more information, see "Creating rulesets for a repository".

Rule insights

GitHub does not log rule insights until a pull request is merged or a merge is attempted.

Concurrency

Verify that your ruleset workflow does not use the cancel-in-progress concurrency setting. For more information about concurrency, see "Control the concurrency of workflows and jobs".