Add GitHub rulesets and security automation for branch protection#17
Draft
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
…y rulesets Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
…kflow Co-authored-by: Kushmanmb <193178375+Kushmanmb@users.noreply.github.com>
Copilot (AI) changed the title from "[WIP] Add rulesets for branch protection and security management" to "Add GitHub rulesets and security automation for branch protection" on Feb 13, 2026.
Implements declarative branch protection, tag protection, and automated security scanning using GitHub's native ruleset features.
Ruleset Configurations

5 JSON ruleset templates in .github/rulesets/:

- branch-protection-main.json - 2 required reviews, signed commits, linear history, all checks required
- branch-protection-release.json - Same as main, no bypass actors
- branch-protection-dev.json - 1 review, basic checks
- tag-protection.json - Prevents unauthorized tag creation/modification/deletion
- security-checks.json - Mandatory security scans on all branches (excludes bot branches)

Code Ownership & Security Workflows

- .github/CODEOWNERS - Ownership mappings for consensus, wallet, networking, crypto, testing, build system, CI/CD, security, documentation
- .github/workflows/security-checks.yml - Dependency review, secret scanning (Gitleaks), vulnerability scanning (Trivy), security linting (Semgrep), permissions validation, signature verification
- .github/workflows/validate-rulesets.yml - Automatic validation on ruleset changes

Automation

- .github/validate-rulesets.py - Validates JSON structure, security best practices, branch protection requirements
- .github/apply-rulesets.sh - Applies rulesets via GitHub API with prerequisite checks

Documentation

- .github/rulesets/README.md - Ruleset details, safe practices, customization guide
- .github/SECURITY_MANAGEMENT.md - Security strategy, GPG setup, incident response, compliance
- .github/QUICK_START_RULESETS.md - Step-by-step deployment via UI/API/CLI
- README.md - Added security section with references

Usage

Note: Rulesets must be applied via GitHub Settings or API. JSON files serve as version-controlled templates requiring customization of status check contexts, team IDs, and bypass actors.
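The PR description lists what the main-branch ruleset should enforce (2 required reviews, signed commits, linear history, all checks required, and no bypass actors for release) and says a validator script checks templates for those requirements. The script below is an added example of such a check, not the PR's own validate-rulesets.py and not code from the repository. The field names (`enforcement`, `bypass_actors`, `rules[].type`, `parameters.required_approving_review_count`, `required_status_checks[].context`) follow the GitHub REST API ruleset schema; the sample ruleset `MAIN_RULESET`, its status-check context `ci / build`, and the specific rules the validator insists on are constructed assumptions for illustration.

```python
"""Check a GitHub ruleset JSON template against branch-protection requirements.

Added example (not the PR's validate-rulesets.py). Field names follow the
GitHub REST API ruleset schema; the required-rule list is an assumption.
"""
import json

# Constructed sample modelled on the PR's description of branch-protection-main.json.
MAIN_RULESET = json.dumps({
    "name": "branch-protection-main",
    "target": "branch",
    "enforcement": "active",
    "bypass_actors": [],
    "conditions": {"ref_name": {"include": ["refs/heads/main"], "exclude": []}},
    "rules": [
        {"type": "deletion"},                 # branch cannot be deleted
        {"type": "non_fast_forward"},         # no force pushes
        {"type": "required_linear_history"},  # no merge commits
        {"type": "required_signatures"},      # signed commits only
        {"type": "pull_request", "parameters": {
            "required_approving_review_count": 2,
            "dismiss_stale_reviews_on_push": True,
            "require_code_owner_review": True,
            "required_review_thread_resolution": True}},
        {"type": "required_status_checks", "parameters": {
            "strict_required_status_checks_policy": True,
            "required_status_checks": [{"context": "ci / build"}]}},  # constructed context
    ],
})

# Rules every protected branch template is expected to carry (assumption).
REQUIRED_RULES = ("deletion", "non_fast_forward", "required_linear_history", "required_signatures")


def validate_ruleset(text, min_reviews=2, allow_bypass=True):
    """Return a list of human-readable findings; an empty list means the template passes."""
    findings = []
    try:
        rs = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    missing = [k for k in ("name", "target", "enforcement", "rules") if k not in rs]
    if missing:
        return [f"missing top-level key: {k}" for k in missing]
    if rs["enforcement"] != "active":
        findings.append(f"enforcement is {rs['enforcement']!r}, expected 'active'")
    # Index rules by type so each requirement is a simple lookup.
    rules = {r["type"]: r.get("parameters", {}) for r in rs["rules"] if "type" in r}
    for required in REQUIRED_RULES:
        if required not in rules:
            findings.append(f"missing rule: {required}")
    pr = rules.get("pull_request")
    if pr is None:
        findings.append("missing rule: pull_request")
    elif pr.get("required_approving_review_count", 0) < min_reviews:
        findings.append(f"required_approving_review_count below {min_reviews}")
    checks = rules.get("required_status_checks")
    if checks is None:
        findings.append("missing rule: required_status_checks")
    else:
        contexts = [c.get("context", "") for c in checks.get("required_status_checks", [])]
        if not contexts:
            findings.append("required_status_checks lists no check contexts")
        elif any(c.startswith("REPLACE") or not c.strip() for c in contexts):
            findings.append("status check contexts still contain placeholders")
    if not allow_bypass and rs.get("bypass_actors"):
        findings.append("bypass_actors must be empty for this ruleset")
    return findings


def weakened_copy(text):
    """Constructed negative case: lower the review count, drop required_signatures,
    add a bypass actor and set enforcement to 'evaluate' (log-only mode)."""
    rs = json.loads(text)
    rs["enforcement"] = "evaluate"
    rs["bypass_actors"] = [{"actor_id": 5, "actor_type": "RepositoryRole", "bypass_mode": "always"}]
    rs["rules"] = [r for r in rs["rules"] if r["type"] != "required_signatures"]
    for r in rs["rules"]:
        if r["type"] == "pull_request":
            r["parameters"]["required_approving_review_count"] = 1
    return json.dumps(rs)


if __name__ == "__main__":
    import sys
    # Usage: python check_rulesets.py .github/rulesets/*.json
    # Release templates are held to the no-bypass rule, as the PR describes.
    exit_code = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            result = validate_ruleset(fh.read(), allow_bypass="release" not in path)
        status = "OK" if not result else "FAIL"
        print(f"{status}: {path}")
        for line in result:
            print(f"  - {line}")
        exit_code |= bool(result)
    sys.exit(exit_code)
```

Running the script over a directory of templates exits non-zero when any template misses a required rule, which is what a workflow such as the PR's validate-rulesets.yml would need in order to block a change that weakens protection. Templates are evaluated from the JSON only, so a template that passes here still has to be applied through the Settings UI or API before it protects anything.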