Ruleset enforcing status checks can be bypassed by anyone #121511
Select Topic Area: Bug

Body: We have a ruleset on the main branch that requires status checks to pass before merge. Those status checks didn't pass in the PR (they were skipped because a dependency status check failed) and we could merge the PR with the account that is not in the "bypass list".
Replies: 2 comments
Oh, I see. Thank you for the clarification!
Hello! Just wanted to drop a note here that in the screenshots, it looks like the `check-pr/lint` and `check-pr/test` status checks were being checked and in the subsequent screenshot it looks like those jobs show as a status of `skipped`.

Skipped jobs count as `success` when it comes to status checks. There are a number of reasons for this, one of which is so that jobs can be conditional with `if:` type checks at the job level and skipped jobs then status as `success` rather than `failure`.

From the docs:
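An added example, not part of the original thread or of GitHub's documentation: a workflow in which a hypothetical `build` job gates `lint` and `test`, plus a `gate` job that runs with `if: always()` and fails unless every job it needs succeeded. The workflow layout, the `build` and `gate` job names and the `make` commands are assumptions; the ruleset would then require `gate` rather than the individual checks.

```yaml
# Added example: hypothetical workflow, not taken from the thread.
name: check-pr
on:
  pull_request:

jobs:
  build:                  # hypothetical upstream job
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make build   # placeholder command

  lint:
    needs: build          # skipped when build fails
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make lint    # placeholder command

  test:
    needs: build          # skipped when build fails
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test    # placeholder command

  # Make this the required status check in the ruleset.
  gate:
    # always() forces the job to run even when a needed job failed or was
    # skipped; without it the gate itself would be skipped and count as success.
    if: always()
    needs: [build, lint, test]
    runs-on: ubuntu-latest
    steps:
      - name: Fail unless every needed job succeeded
        # needs.*.result is one of: success, failure, cancelled, skipped
        if: >-
          contains(needs.*.result, 'failure') ||
          contains(needs.*.result, 'cancelled') ||
          contains(needs.*.result, 'skipped')
        run: exit 1
```

This gate also fails when a needed job is skipped on purpose by its own `if:` condition, so jobs that are meant to be optional should be left out of its `needs` list.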