Navigate to Organization Settings > Rules > Rulesets and create a new ruleset targeting the repositories and branches where CI must be enforced
Add the 'Require workflows to pass before merging' rule and specify the workflow to require by entering the source repository, file path, and ref (e.g., ORG/.github-workflows/.github/workflows/ci.yml@main)
Set the ruleset enforcement status to Evaluate to audit compliance without blocking merges during rollout, then switch to Active once the required workflow runs reliably across all targeted repos
The required workflow must include pull_request and/or merge_group in its on: trigger; rulesets only enforce workflows on PR and merge queue events, not push or schedule events
Grant bypass permissions (bypass list) to specific roles or teams that need to merge without waiting for CI in emergencies; bypass actors are audited in the organization's audit log
Organization rulesets became available on GitHub Team plans in June 2025; on Enterprise Cloud, rulesets can also be defined at the enterprise level to cascade across all organizations
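A pre-flight check for the steps above, written as an added example (not code from the original page or from GitHub): it splits the workflow reference into repository, path and ref, then confirms the workflow's on: section contains an event that rulesets enforce. The function names are hypothetical, and the parsed workflow dictionaries are constructed stand-ins for what a YAML parser would return.

```python
# Added example (not from the page): pre-flight check for a workflow that a
# ruleset will require. Function names are hypothetical.
ENFORCED_EVENTS = {"pull_request", "merge_group"}

# Spec format taken from the page; the parsed workflows below are constructed.
SPEC = "ORG/.github-workflows/.github/workflows/ci.yml@main"
GOOD = {"on": ["pull_request", "merge_group"]}
# PyYAML (YAML 1.1) loads the bare key `on` as boolean True, so mimic that here.
PUSH_ONLY = {True: {"push": {"branches": ["main"]}, "schedule": [{"cron": "0 3 * * *"}]}}


def split_workflow_spec(spec):
    """Split 'OWNER/REPO/path/to/file.yml@ref' into (repository, path, ref)."""
    location, sep, ref = spec.rpartition("@")
    if not sep or not ref:
        raise ValueError("spec must end in @<ref>")
    parts = location.split("/", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError("spec must look like OWNER/REPO/path@ref")
    return f"{parts[0]}/{parts[1]}", parts[2], ref


def workflow_events(workflow):
    """Return the event names in a parsed workflow's on: section."""
    on = workflow.get("on", workflow.get(True))
    if on is None:
        return set()
    if isinstance(on, str):  # on: pull_request
        return {on}
    return set(on)  # list of names, or mapping keyed by event name


def check_required_workflow(spec, workflow):
    """Return a list of problems; empty means the ruleset can enforce it."""
    problems = []
    _, path, _ = split_workflow_spec(spec)
    if not (path.startswith(".github/workflows/") and path.endswith((".yml", ".yaml"))):
        problems.append(f"{path}: not a workflow file under .github/workflows/")
    events = workflow_events(workflow)
    if not events & ENFORCED_EVENTS:
        problems.append(f"on: {sorted(events)} has no pull_request or merge_group trigger")
    return problems


if __name__ == "__main__":
    for name, wf in (("GOOD", GOOD), ("PUSH_ONLY", PUSH_ONLY)):
        print(name, check_required_workflow(SPEC, wf) or "ok")
```

Running this against the central workflow before switching the ruleset from Evaluate to Active catches a push-only or schedule-only workflow that the ruleset would never see run.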
Known gotchas
Required workflows defined in rulesets replace the older 'Required workflows' organization-level feature (now called 'organization required workflows'); if you previously configured that feature, validate that rulesets are enforcing the same checks after migration
A ruleset-required workflow must exist and be accessible in the source repository at the specified ref; if the workflow file is renamed or the ref is deleted, all targeted repositories will be blocked from merging
Rulesets with wildcard branch patterns (e.g., release/*) do support required workflow checks, unlike the classic branch protection merge queue restriction — but always test with Evaluate mode first