GitHub Copilot and Unhonored Branch Protection

I was using the GitHub Copilot web chat experience yesterday for client work. I needed to migrate some issues from a third-party CSV export into GitHub Issues. (It mostly worked, but there was still a lot of data massaging after the fact, which the chat could not do.)

Early in the process, the chat took my command of make the issues to make markdown files in an issues folder on the main branch instead of making actual GitHub Issues.

This repo has branch protection rules that should disallow direct commits on main, but I guess because I am an organization admin, it just does it.

This series of events kicked off unwanted deploys and commits. It was a solid reminder about the dangers of putting these MCP chat servers anywhere near production systems.

I’m starting to get marketing from Render as to the availability of its own MCP services, and I’m very hesitant to use them.

---

About the Author. Mike Zornek is a developer and teacher focusing on product design and development with a heavy focus on Elixir and LiveView. In between his projects, Mike helps other teams through consulting. During off hours, he enjoyed watching Phillies baseball and playing relaxing video games.