Require Branches Up To Date + GitHub Collector

Guardrail | Collector | Stable | Repository And Ownership

Enforce Require Branches Up To Date using data collected by GitHub Collector. Automatically check repository and ownership standards on every PR.

Guardrail: Requires PR branches to be up-to-date with the base branch before merging. Prevents merging stale branches that may have integration issues.
Data Source: Automatically collect GitHub repository settings, branch protection rules, and access permissions. Enforce VCS standards across your organization.

How GitHub Collector Powers This Guardrail

The GitHub Collector gathers metadata from your version control system (VCS). This data flows into Lunar's Component JSON, where the Require Branches Up To Date guardrail evaluates it against your standards.

When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement with actionable feedback.

1. GitHub Collector Gathers Data (Collector): Extracts metadata from code, configs, and tool outputs
2. Component JSON: Data centralized in structured format for evaluation
3. Require Branches Up To Date Checks (Guardrail): Pass/fail result with actionable feedback in PRs

Quick Start Configuration

Add both the collector and policy to your lunar-config.yml to enable this guardrail.

lunar-config.yml
# Step 1: Enable the GitHub Collector
collectors:
  - uses: github://earthly/lunar-lib/collectors/github@v1.0.0
    # with: ...

# Step 2: Enable the VCS Guardrails
policies:
  - uses: github://earthly/lunar-lib/policies/vcs@v1.0.0
    include: [require-branches-up-to-date]
    # with: ...

What GitHub Collector Collects

This collector gathers the following data that the Require Branches Up To Date guardrail evaluates.

Collector code

repository

Fetches basic repository settings from the GitHub API including visibility (public/private/internal), default branch name, topics, and allowed merge strategies (merge commit, squash, rebase). Writes to .vcs.provider, .vcs.visibility, .vcs.default_branch, .vcs.topics, and .vcs.merge_strategies.

Collector code

branch-protection

Fetches branch protection rules for the default branch from the GitHub API. Collects required approvals, code owner review, dismiss stale reviews, required status checks, force push/deletion restrictions, linear history requirements, signed commit requirements, and push restrictions (users, teams, apps). Writes comprehensive settings to .vcs.branch_protection.

Collector code

access-permissions

Fetches repository access permissions from the GitHub API with pagination support. Collects direct collaborators (login, permission level, type) and teams with access (slug, name, permission). Does not expand team memberships for performance. Writes to .vcs.access.collaborators and .vcs.access.teams.

Example Data Flow

Here's an example of the data that GitHub Collector writes to the Component JSON, which Require Branches Up To Date then evaluates.

component.json (from GitHub Collector)
{
  "vcs": {
    "provider": "github",
    "default_branch": "main",
    "visibility": "private",
    "topics": ["backend", "api", "microservice"],
    "merge_strategies": {
      "allow_merge_commit": true,
      "allow_squash_merge": true,
      "allow_rebase_merge": false
    },
    "branch_protection": {
      "enabled": true,
      "branch": "main",
      "require_pr": true,
      "required_approvals": 2,
      "require_codeowner_review": true,
      "dismiss_stale_reviews": true,
      "require_status_checks": true,
      "required_checks": ["ci/build", "ci/test", "security/scan"],
      "require_branches_up_to_date": true,
      "allow_force_push": false,
      "allow_deletions": false,
      "require_linear_history": false,
      "require_signed_commits": true,
      "restrictions": {
        "users": ["deployment-bot"],
        "teams": ["platform-team"],
        "apps": ["github-actions"]
      }
    },
    "access": {
      "collaborators": [
        {
          "login": "alice",
          "permission": "admin",
          "type": "User"
        },
        {
          "login": "deployment-bot",
          "permission": "write",
          "type": "Bot"
        }
      ],
      "teams": [
        {"slug": "backend-team", "name": "Backend Team", "permission": "write"},
        {"slug": "platform-team", "name": "Platform Team", "permission": "admin"}
      ]
    }
  }
}
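
As an added illustration (not Lunar's policy code and not part of lunar-lib), the following Python shows how a check over this Component JSON can decide the result for the up-to-date requirement. The function names, the result shape and the `no-data` status are assumptions; the field names come from the example above. It also treats the flag as unenforced when `require_status_checks` is false, since GitHub exposes this setting as the strict option of required status checks.

```python
import copy

# Constructed sample: trimmed from the component.json example above.
SAMPLE = {
    "vcs": {
        "provider": "github",
        "default_branch": "main",
        "branch_protection": {
            "enabled": True,
            "branch": "main",
            "require_status_checks": True,
            "required_checks": ["ci/build", "ci/test", "security/scan"],
            "require_branches_up_to_date": True,
        },
    }
}

def check_branches_up_to_date(component):
    """Return (status, reason); status is 'pass', 'fail' or 'no-data'."""
    vcs = component.get("vcs")
    bp = vcs.get("branch_protection") if isinstance(vcs, dict) else None
    if not isinstance(bp, dict):
        # Collector has not written data: never report this as a pass.
        return "no-data", ".vcs.branch_protection is missing"
    if bp.get("enabled") is not True:
        return "fail", "branch protection is disabled"
    default = vcs.get("default_branch")
    if default and bp.get("branch") != default:
        return "fail", "protected branch is not the default branch"
    # Strict comparison: a string such as "true" must not count as enabled.
    if bp.get("require_branches_up_to_date") is not True:
        return "fail", "require_branches_up_to_date is not enabled"
    if bp.get("require_status_checks") is not True:
        # Assumption: the flag without required status checks is unenforced.
        return "fail", "status checks are not required"
    return "pass", "PR branches must be up to date before merging"

def variant(**overrides):
    """Copy SAMPLE with branch_protection fields overridden."""
    doc = copy.deepcopy(SAMPLE)
    doc["vcs"]["branch_protection"].update(overrides)
    return doc

if __name__ == "__main__":
    for doc in (SAMPLE, variant(require_branches_up_to_date=False),
                variant(require_status_checks=False), {"vcs": {}}):
        print(check_branches_up_to_date(doc))
```
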

Configuration Options

VCS Guardrails Inputs

| Input | Required | Default | Description |
|---|---|---|---|
| min_approvals | Optional | 1 | Minimum number of required approvals (integer, or omit to skip check) |
| required_default_branch | Optional | main | Required default branch name for the require-default-branch policy. Defaults to 'main' |
| allowed_merge_strategies | Required | | Comma-separated list of allowed merge strategies for the allowed-merge-strategies policy (merge, squash, rebase). Only listed strategies will be allowed |
