Merge Request Approvals
Git merge request approvals introduce a layer of review to ensure quality and compliance before changes are merged into protected branches.
By default, merge request approvals are optional. You can set a policy to make them mandatory. Mandatory approvals enforce the need for one or more team members to approve merge requests (MRs) that target protected branches.
Rules for mandatory approval of git merge request
- Mandatory approvals: requires at least one approver for MRs targeting protected branches.
- Approval restrictions:
- The MR author CANNOT self-approve.
- Approvals MUST come from project members with the Developer role or higher.
- Inheritance rules: when enabled at the group level, the setting applies to all subgroups and projects and cannot be disabled at a lower level.
- Protected branches: merge request approval rules only apply to branches designated as protected. Ensure your critical branches (e.g., main, production) are marked as protected.
Using mandatory approvals of git merge requests
As per the rules, as the author of merge request to a protected branch you cannot approve your own changes.
Only an eligible member of the project - eligible as in a member with the Developer role or higher - can approve the merge request for you.
Finally, the merge request targeting the protected branch can be merged by a team memeber with the Maintainer or higher role after approval.
Where to enable git merge request approvals
You can enable mandatory approvals at various levels of your group and project hierarchy, starting from the top-level group.
At your top-level group
- Enabling this setting here applies the MR approval rules to all your projects within the top-level group or any subgroup thereof.
- Note that you cannot override this setting at lower levels.
- Only an Owner of the group can make changes. Refer to DataOps roles for more details.
At a subgroup
- If enabled at a subgroup level, the approval requirement applies to all projects within that subgroup.
- Adjacent subgroups are not impacted.
- Note that we generally recommend enforcing the rule at your top-level group. Yet, it is helpful during rollout to test at the subgroup level.
- Only an Owner of the parent group or the subgroup can make changes. Refer to DataOps roles for more details.
At an individual project
- Enable this setting within a project to enforce approval rules for merge requests specific to that project.
- Note that we generally recommend to enforce the rule at the group level.
- Only a Maintainer of the group can make changes. Refer to DataOps roles for more details.
Steps to turn mandatory approvals for git merge requests on or off
Turn on mandatory approvals for groups
- Navigate to your top-level group or subgroup Settings
- Locate the General menu
- Under Permissions and group features, you will find the setting for requiring approval for Merge Requests
- Check the Box and remember to save your changes
Merge request approval settings for a top-level group.
Merge request approval settings for a subgroup - note that changes are blocked due to inheritance of the setting from the top-level group.
Turn on mandatory approvals for projects
- Navigate to your project Settings
- Locate the Merge Requests menu
- Under Merge Approval options you will find the setting
- Check the Box and remember to save your changes
Merge request approval settings for a project.
If you turn on the setting at the top-level group, it will be reflected in your subgroup and project settings, and you will not be able to turn it off.
A note on implementation
Using the UI to change the settings will add the CI/CD variable __DOL_FEATURE_MERGE_REQUESTS_TO_PROTECTED_BRANCHES_REQUIRE_APPROVAL to your group or project.
The variable at the group level.
The variable at the project level.
