Are you in the loop? Keep up with the latest by making sure you're subscribed to Community Announcements. Just click Watch and select Articles.

×
Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Bitbucket - only members of a group can approve (including their own PR)

Edited

Hi,

We would like to setup a mandatory review process on repo-level based on lists. The idea is that anyone could open a PR, but it can be approved by people belonging to certain role/list. We are currently setting it up via API, creating a default reviewer list with at least one mandatory approval. This is not exactly what we want though, as if the originator of PR is a member of the list of default reviewers, than they still need to get another from default reviewers to approve, and we would like to drop that requirement.

Do you have any suggestion on how to add it? We have access to Workzone and Scriptrunner. I briefly explored the Merge Checks from the Scriptrunner, but we would like to set it up for each repo in the project, ideally through the API, as automated as possible. Also, allowing only members of the list to merge does not solve the problem, as we would like to detach the approval from the actual merge, so the change could be merged by whoever initiated the PR.

Currently we are sourcing members for the default reviewers based on the Active Directory groups, as this is the only way of easily distinguishing roles in our setup.

1 answer

2 votes
Ulrich Kuhnhardt _IzymesCo_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
Sep 25, 2023

Hi Piotr,

glad you're using Workzone (we maintain it :) - you're half-way there with your requirement. If I understand correctly you would like some mandatory reviewers (currently configured as repo default reviewers) to approve a PR before it can be merged, EXCEPT if any of the mandatory reviewers is the author of the PR, then it should be merged directly without an additional approval, correct?

So Workzone can do that for you - in combination with repo merge permissions that you mentioned above. Here is how to set it up:

  1. Add PR merge permissions for each of the mandatory reviewers PLUS a system account user (Workzone "auto-merge" user) for the desired target branch 
  2. In Workzone "Reviewers", configure the AD group as a mandatory reviewers group (**) (Workzone handles AD groups) for the desired target branch or pattern
  3. In Workzone "Merge", configure the Workzone "auto-merge" system user as the merge user, set mandatory approval count to "1" for the desired target branch or pattern

With this config each mandatory reviewer as PR author can merge directly via the merge button. Other author's PRs will need at least one approval from a mandatory reviewer group member before the PR is auto-merged by Workzone.

(**) Workzone takes "mandatory" reviewers literally - even if the PR author edits the PR and removes a mandatory reviewer, Workzone will add them back :D

Workzone exports a REST API for automation as well.

Let me know if this helps,

Cheers Ulrich

// Izymes - Tools for efficient teams

Hi Ulrich, thank you for your response - this is almost what we want :)

The only difference is that we don't want automatic merge - it should still be up to the author of PR to decide when to merge it. So we don't want automatic merge based on approvals but rather mandatory review/signoff of the PR before merge, still controlled by the PR author.

Is it possible?

Also, do I understand correctly, that this part:

  1. Add PR merge permissions for each of the mandatory reviewers PLUS a system account user (Workzone "auto-merge" user) for the desired target branch

would be configured in global "Repository settings"->"Security"->"Branch permissions" , not in Workzone? Or where exactly?

Like Sabine Mayer likes this
Ulrich Kuhnhardt _IzymesCo_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
Sep 28, 2023

Hi Piotr,

I understand that Workzone auto-merge is not an option and the author of the PR needs to merge it manually.

If _anyone_ must be able to merge manually, Workzone must then enforce merge conditions for everyone, including the mandatory special reviewers. So you're back to square one where even mandatory users require an additional approval.

As a work-around you can use Workzone's 'trigger auto-merge on task completion' feature and require all tasks to be resolved ('no open tasks')  as a general merge condition in repository merge check settings.

PRs can still get merged manually by mandatory reviewers (without additional approval). Other authors need to create a task like 'merge me' and wait for the approval. Once that is given, the PR is not yet auto-merged because there is an open task. The author can then tick off the task and the PR will be merged by the system account user.

 

And yes - the system account user needs to be added to repository settings > security > branch permissions > allow via pr merge

Hope that helps.

Like # people like this

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events