Disallow merging if not approved by atleast one other developer

If I understand correctly, I can configure Stash so that some users can merge to specific branches.

But in our team, things are a bit different. In principle, everybody is able to merge. Our (written) workflow depicts that, before somebody merges something to the master branch, he/she should atleast have it reviewed by one other developer.

So what I'm looking for is the option to only allow merging in Stash if a pull request was atleast reviewed by one other person. Where all persons have exactly the same rights in our Stash user management.

1 answer

1 accepted

0 votes
Answer accepted

Hi Tonni,

You can configure the minimum number of approvers in the repository settings. Check out https://confluence.atlassian.com/display/STASH/Checks+for+merging+pull+requestsfor instructions.



Thanks. How could I miss that one? :-)

One more question though. Suppose I would also want to prevent developers from merging and pushing using GIT Bash (or any other tool), would that require me to set the developers' permissions to read-only and allow them to fork the project and create pull requests instead?

If you'd set the developers permission on the 'central' repository to read-only, they wouldn't be able to merge the pull requests from a fork to the central repository. You need write access on the target repository (and branch) to be able to merge; allowing users with 'read' permission to merge pull requests makes it very hard to control what comes into a repository/branch.

In the fork-based workflow that you suggested, you'd need to appoint a select group of developers and give them write permission on the repository so they can merge the pull requests. It's inconvenient, but it's the only way to strictly control what changes are allowed. If you're happy to do that, I'd set up branch permissions on the branches you want to protect instead of forcing the developers to use forks. It allows you more fine-grained control and is more convenient for the developers as well.

In our own workflow, we trust our developers to follow the workflow and create pull requests for all changes. If you really need to enforce the workflow, you could write a small repository hook that blocks all pushes to selected branches. That way, pull request merges would still be allowed, but manual pushes to the branch would be rejected.

We have documentation and examples on how to write custom repository hooks here:https://developer.atlassian.com/stash/docs/latest/how-tos/repository-hooks.html

Thanks for the detailed answer. Your point about 'trusting the developers' makes great sense. There's no need to strictly enforce this workflow. I trust other developers to follow the workflow, or workaround it if really really needed.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Thursday in Bitbucket Pipelines

Building a Bitbucket Pipe as a casual coder

....sh :  #!/bin/bash source "$(dirname "$0")/common.sh" enable_debug extra_args="" if [[ "${DEBUG}" == "true" ]]; then extra_args="--verbose" fi # mandatory variables ROLLBAR_ACCESS_TOKEN...

190 views 0 12
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you