You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
We would like to setup a mandatory review process on repo-level based on lists. The idea is that anyone could open a PR, but it can be approved by people belonging to certain role/list. We are currently setting it up via API, creating a default reviewer list with at least one mandatory approval. This is not exactly what we want though, as if the originator of PR is a member of the list of default reviewers, than they still need to get another from default reviewers to approve, and we would like to drop that requirement.
Do you have any suggestion on how to add it? We have access to Workzone and Scriptrunner. I briefly explored the Merge Checks from the Scriptrunner, but we would like to set it up for each repo in the project, ideally through the API, as automated as possible. Also, allowing only members of the list to merge does not solve the problem, as we would like to detach the approval from the actual merge, so the change could be merged by whoever initiated the PR.
Currently we are sourcing members for the default reviewers based on the Active Directory groups, as this is the only way of easily distinguishing roles in our setup.
glad you're using Workzone (we maintain it :) - you're half-way there with your requirement. If I understand correctly you would like some mandatory reviewers (currently configured as repo default reviewers) to approve a PR before it can be merged, EXCEPT if any of the mandatory reviewers is the author of the PR, then it should be merged directly without an additional approval, correct?
So Workzone can do that for you - in combination with repo merge permissions that you mentioned above. Here is how to set it up:
With this config each mandatory reviewer as PR author can merge directly via the merge button. Other author's PRs will need at least one approval from a mandatory reviewer group member before the PR is auto-merged by Workzone.
(**) Workzone takes "mandatory" reviewers literally - even if the PR author edits the PR and removes a mandatory reviewer, Workzone will add them back :D
Workzone exports a REST API for automation as well.
Let me know if this helps,
// Izymes - Tools for efficient teams
Hi Ulrich, thank you for your response - this is almost what we want :)
The only difference is that we don't want automatic merge - it should still be up to the author of PR to decide when to merge it. So we don't want automatic merge based on approvals but rather mandatory review/signoff of the PR before merge, still controlled by the PR author.
Is it possible?
Also, do I understand correctly, that this part:
would be configured in global "Repository settings"->"Security"->"Branch permissions" , not in Workzone? Or where exactly?
I understand that Workzone auto-merge is not an option and the author of the PR needs to merge it manually.
If _anyone_ must be able to merge manually, Workzone must then enforce merge conditions for everyone, including the mandatory special reviewers. So you're back to square one where even mandatory users require an additional approval.
As a work-around you can use Workzone's 'trigger auto-merge on task completion' feature and require all tasks to be resolved ('no open tasks') as a general merge condition in repository merge check settings.
PRs can still get merged manually by mandatory reviewers (without additional approval). Other authors need to create a task like 'merge me' and wait for the approval. Once that is given, the PR is not yet auto-merged because there is an open task. The author can then tick off the task and the PR will be merged by the system account user.
And yes - the system account user needs to be added to repository settings > security > branch permissions > allow via pr merge
Hope that helps.