Is there a way to always enforce Pull Requests instead of allowing pushing directly to a repository?

Hey.

I am new to Atlassian Stash, but I have been playing around for a day now.

Looking at the "Repository Pemissions" page:

https://confluence.atlassian.com/display/STASH028/Using+repository+permissions

I can read that a user with the WRITE permission can create a Pull Request, approve and merge it, but also Push directly to the repository.

It seems like users with the WRITE permission can bypass all kinds of code review by pushing directly to the branch, hence by ignoring to create Pull Requests.

Is there a way that enforce that all commits to master has to be done via Pull Requests?

5 answers

1 accepted

This widget could not be displayed.

Oh I see that this question has already been asked here:

https://answers.atlassian.com/questions/152360/branch-permissions-only-allow-commits-via-pull-request

And it is not possible.

This widget could not be displayed.

Branch permissions now support separate permissions for writing directly to the branch vs merging via pull request.

This widget could not be displayed.
Jeff Thomas Atlassian Team Nov 19, 2013

You could setup Branch Permissions so that only certain people can write to a branch.

True, but I want everyone to be able to approve and merge, and I want everyone to create Pull Requests, but no one to push directly to the branch.

The problem, I think, is that the WRITE permission allows both approve+merge AND pushing directly. So if we want to enforce code review, we need to enforce Pull Requests. But with the WRITE permission you can bypass creating Pull Requests and push your commit directly to the branch, bypassing the whole code review process.

So my question still stands; Is there a way that enforce that all commits to master has to be done via Pull Requests?

Jeff Thomas Atlassian Team Nov 19, 2013

Sorry, I missed where you want to people to still be able to approve and merge.

You could setup a pre-receive hook by creating a plugin that prevents pushes to certain branches. See this answer for more details.

There is an open JIRA issue to do what you need without having to write a plugin, see STASH-2910.

This widget could not be displayed.

There are two 3rd party plugins that provide this missing functionality - "Pull Request Please" and "Workzone".

A JIRA was raised way back in 2012, but I don't think there's any chance of it being actioned.

Unfortunately, my current client is a large investment bank, and simply won't allow 3rd party plugins in any of the software they pay for.  To get this functionality, I am considering switching to Gerrit.

This widget could not be displayed.

This story appears to be substantially improved now: https://confluence.atlassian.com/bitbucket/suggest-or-require-checks-before-a-merge-856691474.html

You can separately grant permissions to individual branches including both "Write" and "Merge via Pull Request"

You can also "Prevent a merge with unresolved merge checks"

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted 5 hours ago in Europe

Topic Tuesday: How did you learn about the AUG programme?

Back in 2010 I hadn't been using the Atlassian tools (JIRA, Confluence, Bamboo) that long and I started searching online to see if I could chat to other users primarily about how they used the produc...

13 views 0 0
View post

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you