The fix in SKARA-1173 made it possible for us to use the prbranch feature in GitLab for dependent PRs, but it came with a side effect. We are no longer able to have branch protection on * in our main repositories, which makes it possible for any developer to push new branches to those repositories. This is not something we want to allow.

An alternate strategy for dealing with prbranch deletion would be to use a branch protection rule for *, but then let the bot temporarily remove that protection when deleting a prbranch. This won't be water tight as a user could be lucky and push a branch right at that moment, but it would make it far less likely than it is today. I think it's worth trying out by implementing support for this in Skara so we can configure this strategy instead of the explicit protection rules from SKARA-1173.

When implementing this, it's important to remember that a bot can be interrupted or fail at any time, so we will need some kind of defensive mechanism to ensure that the rule is active most of the time. This could possibly be done through a one time WorkItem scheduled at bot startup that enables the rule.