Allow Any Eligible User to Approve Merge Requests for Protected Branches
Release notes
To create compliant pipelines, customers need to add approvers for Merge Requests. The current functionality allows any eligible user to approve an MR, but this is applied to all branches in a project. Maintaining a list of users allowed to approve certain branches could lead to additional challenges, such as users missing from the group or added by mistake. This change seeks to address that, while also allowing developers to complete work on non-protected branches.
Problem to solve
As a Compliance Manager, I want to ensure that code is approved before reaching protected branches. I already trust all the users added to a project, so I am comfortable with any of them approving changes. I don't want the management complexity of maintaining user groups who are allowed to approve, but I also want developers to have the freedom to work in and push changes in non-protected branches.
Intended users
- Cameron (Compliance Manager)
- Sasha (Software Developer)
- Delaney (Development Team Lead)
- Alex (Security Operations Engineer)
- Sam (Security Analyst)
User experience goal
Users should be able to set up approval rules for Protected Branches quickly and efficiently while reducing developer friction.
Proposal
This can be achieved in three ways:
- (Preferred) Allow the modification of the Target branch for the default Any eligible user rule. Adding the ability to select Protected branches.
- Modify the current default approval rule for Any eligible user. Update the target branch to reflect Protected branches instead of Any branch.
- Add an additional default rule for Any eligible user with the target branch of Protected branches (Might interfere with Multiple Approval Rules).
Further details
Having the default rule apply to Any branch could create developer friction, as developers will need changes approved to move through branch workflows that are not protected. In many, if not most, workflows, approvals are only required before code reaches a Production/Staging/Release type branch.
Permissions and Security
This feature would apply to users who are currently able to modify approval rules and should not require any additional changes/permissions.
Documentation
Our docs currently appear to address this issue, but it is unclear if this works as expected. This issue might already be resolved. If so, we should change the text in the UI from Any branch to Protected Branches. Scoped to Protected Branch.
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
Links / references
Opened on behalf of a Commercial Customer https://gitlab.my.salesforce.com/0016100000KvahJ (Internal)