Login/Register
Azure Devops Pull Request - Prevent a user approving request if they have worked on the branch
Asked Answered
azure-devopsdevopspull-requestbranching-and-merging
C

2

5

I'm trying to find a way to stop users who have worked on a branch (who have committed changes on a branch) form being able to approve in a pull request on that branch. The idea that a dev can't approve their own work.

I haven't been able to find anything in the devops documentation and was hoping someone might have found a way that I've missed.

Anyone come across a solution?

Constructionist answered 17/2, 2021 at 11:44 Comment(4)
Hi, Just checking in to see whether this issue is still blocking you now? Any update for this issue?Sandlin
Still no resolution - I'm aware of the solutions provded below but doesn't restrict someone who commited to the branch signing off.Constructionist
We cannot restrict the vote via commit owner, you could add your request for this feature on our UserVoice site, which is our main forum for product suggestions. Then kindly share the URL as the answer. Thanks.Sandlin
Hi, If this answer is helpful, would you please accept it as the answer? So it could help other community members who get the same issues and we could archive this thread. Thanks. Have a nice day. :)Sandlin
I
6

Out of the box, you can prevent the creator of the pull request and the most recent pusher from approving their own changes, but you can't prevent every user who's committed to the branch from approving their changes. You likely won't want to prevent every developer who's committed to a branch from approving, because eventually, that will be nearly the entire development team.

You'll want to head to Project Settings > Repositories > Policies and update your branch policy to adjust the following settings:

  • Unchecked: Allow requestors to approve their own changes
  • Checked: Prohibit the most recent pusher from approving their own changes

Azure DevOps - Branch Policies

Here's Microsoft's documentation on how to enable approval restrictions:

Inkhorn answered 17/2, 2021 at 14:15 Comment(2)
Thanks for this - It's something I have already got enabled; however, we are a small development team and our policy is that it has to be independent devs to sign off on other devs work - otherwise I'd be tempted to agreeConstructionist
If you require separate dev teams to sign off on PRs of other teams, your best bet would be to organize the teams into groups and use the "Automatic Reviewers" feature to require that members from another team approve of work from a given project or repo.Inkhorn
S
2

The feature Prohibit the most recent pusher from approving their own changes just prohibit the pull request creator from approving their own changes.

For example, user A create branch and push commit, then user B create the pull request.

The user B can vote Approve but the vote will not count toward the Minimum number of reviewers. And user A vote approve the pull request and the vote will count toward the Minimum number of reviewers

Prevent a user approving request if they have worked on the branch

You could add your request for this feature on our UserVoice site, which is our main forum for product suggestions. Thank you for helping us build a better Azure DevOps.

In addition, as a workaround, we could configure the branch policy and enable the feature Automatically included reviewers-> add admin as request reviewer and set the option Policy requirement to Required. Then after the administrator checks and approves the pull request, then developers can complete the pull request.

enter image description here

Also, If there are fewer developers, we can let each developer create his own branch, they can only work on their own branch and create pull request for their own branch, then enable the branch policy Prohibit the most recent pusher from approving their own changes to do this.

Sandlin answered 18/2, 2021 at 7:5 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.