Login/Register
How to setup multiple, specific, mandatory reviewers on github
Asked Answered
Solved githubgithub-actionsgithub-codeowners
B

1

7

This is what I know so far from my understanding of Github:

  1. Github allows default reviewers whether it be for a specific type of file in any/certain location through the creation of the CODEOWNERS file.

  2. Github allows the number of reviewers that are required to approve a PR. You can also specify what type of access they have.

  3. Github allows required review from Code Owners

What I want to know is if there is a way to set up mandatory reviewers meaning that the PR can't get merged until certain people give their approval.

For example, I created a PR and I have reviewers A, B, C, D, E, and F. I want to make it so that this PR cannot get merged until reviewers A and B have approved it. I thought I could use the Require review from Code Owners but I think that it only requires at least one person to approve. The other idea that came to mind was just setting the required approval to the same number of people inside the code owners. Any help would be much appreciated.

Barocchio answered 10/6, 2022 at 16:22 Comment(0)
C
3

I thought I could use the Require review from Code Owners but I think that it only requires at least one person to approve.

Your assumption is right. Currently, you can request multiple owners to review a PR, but only one of the reviews will be mandatory.

You can check the accepted answer in this GitHub Community discussion for more details.

As for the second part of your question,

setting the required approval to the same number of people inside the code owners

I believe that should do the trick. You may also want to follow the tip, described in the Approving a pull request with required reviews and ensure that code owners are the only persons with write permissions to the repo so that no other persons or groups will mess up the review process:

If your repository requires approving reviews from people with write or admin permissions, then any approvals from people with these permissions are denoted with a green check mark, and approvals from people without these permissions have a gray check mark. Approvals with a gray check mark do not affect whether the pull request can be merged.

Cruz answered 9/2, 2023 at 22:55 Comment(3)
But doesn't this mean that the mandatory amount of approvals would not necessarily come from the code owners? I mean let's say that you have 2 code owners (who get automatically assigned as reviewers) and you require 2 approvals. If the submitter of the PR assigns additional people as reviewers, wouldn't their approval count towards the mandatory minimum of approvals? Sure, when only the code owners can merge, it would help but it's still not exactly what the OP asked for, right?Organizer
@Organizer yes, this is a valid point. But as I mentioned in the second part of my answer, making code owners the only persons with write permissions should be enough to prevent the cases you're talking about, as any additional reviewers won't be enablers for PRs to be merged before code owner's review as they are considered as 'secondary'. Unfortunately, I can't easily reproduce this case myself, so I may be mistaken to some extent, but according to the docs that linked, it should work.Cruz
@Cruz wouldn't requiring code owners in the branch protection rule to review the PR also achieve this second part point you mentioned? No need toClaman

© 2022 - 2024 — McMap. All rights reserved.