Push rule delegated bypass and custom property regex support are generally available and repository policy delegated bypass is in preview

[queenofcorgis]

Hello GitHub Community!

We’re excited to share that several new repository features are now available (some in preview) to help you better protect and manage your repos. Whether you’re using push rules to secure your workflows, enforcing validations with custom property regex requirements, or looking for extra safeguards when deleting a repository, we want to hear from you!

Here’s a quick rundown of what’s new:

• Generally Available: Push Rule Delegated Bypass: Request exceptions for push rules directly within GitHub, with built-in review and audit trails for transparency.
• Public Preview Repository Policy Delegated Bypass (Preview): Extend that same delegated bypass approach to repository policies, including deleting repositories or changing visibility settings.
• Generally Available: Custom Properties Regex Support: Set a regular expression requirement for Text-type custom properties to ensure consistent formatting (e.g., an email-like pattern).

Now we’d love your feedback!

• How do you see these updates fitting into your current workflow?
• Which parts of these features excite you the most? Any areas you think need more attention?

Feel free to share your experience, questions, and suggestions in this thread. Your input will help us improve these features.

Thanks for being an active part of the GitHub Community! We can’t wait to hear what you think 👂🏼 .

[dev-bio]

Unfortunately, bypass requests for push rules are close to useless for protecting workflows in its current state, as the approver can’t review the ruleset violations (the changes aren’t visible). Meaning that on approval, the push could contain a malicious workflow with a push trigger, and it would already be too late as the workflow would be triggered immediately upon approval.