Hey.
I am new to Atlassian Stash, but I have been playing around for a day now.
Looking at the "Repository Pemissions" page:
https://confluence.atlassian.com/display/STASH028/Using+repository+permissions
I can read that a user with the WRITE permission can create a Pull Request, approve and merge it, but also Push directly to the repository.
It seems like users with the WRITE permission can bypass all kinds of code review by pushing directly to the branch, hence by ignoring to create Pull Requests.
Is there a way that enforce that all commits to master has to be done via Pull Requests?
Oh I see that this question has already been asked here:
And it is not possible.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This needs to be heard! I wish there was a way to resurrect this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
UPDATE: This functionality is now a part of Bitbucket. Under Repository Settings > Branch Permissions, you can select any branch (e.g. “master”) and then add the restriction “Prevent changes without a pull request”.
Previous Answer:
There are two 3rd party plugins that provide this missing functionality - "Pull Request Please" and "Workzone".
A JIRA was raised way back in 2012, but I don't think there's any chance of it being actioned.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This story appears to be substantially improved now: https://confluence.atlassian.com/bitbucket/suggest-or-require-checks-before-a-merge-856691474.html
You can separately grant permissions to individual branches including both "Write" and "Merge via Pull Request"
You can also "Prevent a merge with unresolved merge checks"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Worth noting: preventing merge based on merge checks is (or was when I last checked) a premium feature.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You could setup Branch Permissions so that only certain people can write to a branch.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
True, but I want everyone to be able to approve and merge, and I want everyone to create Pull Requests, but no one to push directly to the branch.
The problem, I think, is that the WRITE permission allows both approve+merge AND pushing directly. So if we want to enforce code review, we need to enforce Pull Requests. But with the WRITE permission you can bypass creating Pull Requests and push your commit directly to the branch, bypassing the whole code review process.
So my question still stands; Is there a way that enforce that all commits to master has to be done via Pull Requests?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Sorry, I missed where you want to people to still be able to approve and merge.
You could setup a pre-receive hook by creating a plugin that prevents pushes to certain branches. See this answer for more details.
There is an open JIRA issue to do what you need without having to write a plugin, see STASH-2910.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.