Git - how to have mixed permissions for merging a pull request into a protected branch?
-
06-01-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I know that, on github, you can define a protected branch and allow only certain users to merge a pull request there.
Say, for instance, that users A, B, C and D are developers and A is team leader and the one that should be responsible for merging the pull requests into the protected development branch. It happens that A is also a developer and amongst all other activities, he sometimes does some coding and issues a pull request.
Pull requests should not be approved into the development brach by its author, so A could not approve a pull request he created.
So, could I add to the protected development branch a set o permission rules? My idea was that both users A and B could approve merges into the protected development branch but A would be able to approve pull requests from B, C and D. Whereas B would only be able to approve pull requests from A.
I hope my question was clear enough. Is this feasible?
La solution
There is no set process here, no industry standard way.
The important thing is not so much who approves pull requests, but is the code being merged being reviewed? By having one person approve pull requests, that person will be responsible for code reviews of the code in question. However, you do raise a valid point: if person A's code is not reviewed by peers, how can we ensure quality of the code being merged?
This ventures into opinion-based territory, but this is what has worked best in my experience:
All code being merged into "the gold standard branch" or whatever you want to call it, should be reviewed by the entire team regardless of who the author is.
I am an experienced software engineer and tend to write good code (well, by the time I check it in at least). However, I have made plenty of mistakes. Some of them have been caught in code review, some have not. However, when I have been on a team that does code reviews, most mistakes, mine or others', tend to be caught before they end up version control.
In other words: person A is the one that actually performs the pull request, but the entire team reviews the code together before the pull request is approved.
