A broken step in the Gutenberg plugin release pipeline triggered a governance change in the project’s GitHub repository on 8 July 2026. The automated GitHub app responsible for pushing version bump commits to the trunk branch had lost the ability to do so, and the fix required replacing the existing access controls entirely.
At around 16:00 UTC, maintainers converted all branch protection rules in the Gutenberg repository to GitHub repository rulesets — a newer GitHub feature that controls who can push to specific branches and under what conditions. The switch resolves the release pipeline failure and moves the project to a more flexible access control model.

Rulesets are not a straight replacement for branch protection rules; GitHub supports both simultaneously. But rulesets offer meaningful practical advantages that made keeping the old rules redundant in this case.
Rulesets are publicly accessible, so contributors can understand why they may be unable to perform a certain action on a specific branch.
Make WP Core
That publicly viewable structure is a practical benefit for contributors hitting permission walls. With rulesets, the rules governing the trunk branch are openly browsable, reducing friction for new contributors trying to understand the repository’s structure.
Maintainers reviewed all pre-existing protection rules before the migration and found no reason to keep any of them alongside the new rulesets. The new configuration is intended to be functionally identical to what was in place before, though the post acknowledges some edge cases may have been missed during the transition.
Contributors who notice any permission or capability issues are asked to report them in the #core-editor channel on the WordPress Slack, or in the comments on the original Make WordPress Core post. Props to @jorbin for reviewing the new rulesets against the previous rules and proofreading the announcement.