Discovery: Pivot on two-person approvals for objects instead of sensitive changes (settings)
Background
During our discovery of two-person approvals, we were initially exploring the use of this mechanism for changes to sensitive settings, such as modifying merge request approval settings like "Prevent approval of merge requests by merge request author". Based on customer feedback and implementation challenges, we believe implementing two-person approvals for resources or objects, such as requesting to completely override an MR's approval rules from the MR widget, would be the better implementation that still solves the customer pain point.
Problem to solve
Currently, organizations do not have a way to add a "four eyes" or "second set of eyes" approval gate when users wish to take actions that are normally not allowed due to policy. If a developer needs to push an emergency fix to production, they would need to follow all of the current rules defined by protected branches, protected environments, and MR approval rules, and wait for an entire pipeline to run, which may include additional compliance CI jobs. There is no way to bypass this process in emergencies, even where a company would allow a bypass in those situations.
Intended users
JTBD
When there is an emergency and a change needs to be pushed through, I want the ability to bypass any barrier to merge, so that I can avoid changing settings and simply force a merge into master.
Proposal
- Add a `Group` setting to enable/disable `Force merge` (aka Two-person approvals) for (regulated) projects
- Implement logic for `Merge Requests` so that if `Force merge` is `enabled`, a new option in the Merge area will appear for any Merge Request into `master`: `[Force merge]`
- The MR should be mergeable regardless of any impacting constraints: protected branches, protected environments, pipeline status, MR approval rules. It should be a straight shot to `master`

| Enabling force merge for a compliance framework | Non-authorized user view | Ability to force merge in a MR | Warning modal before continuing |
|---|---|---|---|

Designs
Hypotheses to test
- We believe `a simple message stating who can help merge a request` for a `developer` will achieve `a clear call to action when there is an emergency`.
- We believe `providing an option to force a merge request into master` for `group owners` will achieve `a faster resolution time`.
- We believe `using a modal with a contextual warning` for `group owners` will achieve `ample friction to avoid unintended consequences`.