Best Practice: GitLab merge request approvals

Statement of Best Practice

Merge requests will require a single approval from a valid user before the merge request can be merged. The approver cannot be the author of the merge request or someone one who has made commits to the merge request

This change is being made to satisfy an ISO request to ensure separation of duties for new merge requests — in other words, a single user cannot push code from a feature branch all the way to production without another set of eyes on the code, with required approval

Information Technology Services users of GitLab for projects contained in the UIT GitLab group

If a user cannot find a team member to approve a merge request, it is expected a suitable analog on another development or operations team will be found

A "reviewer" is a user who is assigned to approve a merge request. You may assign reviewers directly to a user or users as merge requests have been assigned in the past, but there is no need to assign the merge request to another user

Merge requests will require a single approval from a valid user before the merge request can be merged. The approver cannot be the author of the merge request or someone one who has made commits to the merge request
It is important to understand that approving a merge request is a discrete action from merging the code itself
It is recommended that after approval is made for a merge request, the merge request creator initiates the merge. The reason for this is the user who completes the merge is adding a commit when merging, and therefore will then be locked out of downstream approvals. In short: users who create merge requests should now generally push the button to merge it after it is approved

0 reviews

Article ID: 145159

Created

Wed 7/20/22 10:27 AM

Modified

Wed 7/19/23 8:38 AM

Supported Office or Community

University Community of Students, Staff, and Faculty