Comment by nzoschke

I’ve had success with this general approach too.

The best thing I’ve done so far is put GitHub behind an API proxy and reject pushes and pull requests that don’t meet a criteria, plus a descriptive error.

I find it forgets to read or follow skills a lot of the time, but it does always try to route around HTTP 400s when pushing up its work.