Web UI allows files to be deleted on protected branches

Pick any project on the (master|main) branch that has been protected (“Protected Branches”).

  1. Select a file.
  2. Press Delete.
  3. Enter commit message.
  4. Press Delete File

Seems… bad. Can’t find the documentation on this. Is GitLab performing a merge behind the UI? I’m an Owner in this example.

I have been told occurs when placed in the Next release test population. Regression?

Yes, because by default maintainers and owners are allowed to do that on protected branches. You can go into the project settings, and then under Repository → Protected Branches you can then change it from “Maintainers”, to “No One”.

1 Like