Code Review & Protected Branches
Pull/Merge Requests as a Quality Gate
On real teams, main is protected - you can't push to it directly. Changes must go through a Pull Request (GitHub) / Merge Request (GitLab).
| Control | What it does |
|---|---|
| Branch protection | Blocks direct pushes to main; requires PRs |
| Required reviews | N approvals before merge |
| Required status checks | CI/tests must pass before merge |
| CODEOWNERS | Auto-requests review from the right people for changed paths |
| Linear history | Requires squash/rebase, no messy merge commits |
Goal: Understand why this exists: main ships to production. Review + automated tests catch bugs before customers do, and PRs create a searchable record of why every change was made.
Good review etiquette: keep PRs small, write a clear description, respond to every comment, and don't merge your own PR without approval.
Tip: Squash-merge turns a messy 12-commit branch ("wip", "fix typo", "actually fix") into one clean commit on main. Great for a tidy history.