Display summary of resolved branch rules for a specific branch
Proposal
To help users understand which rules are going to be applied to a branch, there should be a way to preview the rules that would be applied to a specific branch. It is hard to infer from the settings what they resolve to without creating a merge request.
Mockup
From &9810 (comment 1282131820)
The vast majority of users looked for branch-related rules on the branches page next to these buttons.
Branches | Panel showing resolved rules | Expand matching rules |
---|---|---|
Background
We can't display a single branch rule for a branch, because multiple branch rules can match a specific branch and those rules are then processed to determine which ones apply.
- Protected branch rules: the most permissive rule applies. #389926 (comment 1289855951)
- Merge request approvals are additive. So if you had two merge request approval target branches matching a specific branch, then both of those approvals would be required in the MR.
Working through an example.
The repository has a protected branch for 181-* and it has the following settings:
protected branch | merge rule | push rule | req codeowner approval |
---|---|---|---|
181-* | developer + maintainer | developer + maintainer | |

approval rules | approvers | approvers required |
---|---|---|
Wildcard approvers | 2 users | 1 |
There is upcoming work on the branch 181-migrate-gitlab-shell-checkers, and the team wants to impose stricter branch protections on it, without requiring any CODEOWNER approvals, and with an additional approval rule called "Specific 181":
protected branch | merge rule | push rule | req codeowner approval |
---|---|---|---|
181-migrate-gitlab-shell-checkers | maintainer | maintainer | |

approval rules | approvers | approvers required |
---|---|---|
Specific 181 | 2 users + 1 group | 2 |
The rules resolution
For the branch 181-migrate-gitlab-shell-checkers, the resolution of the rules would result in this:
protected branch | merge rule | push rule | req codeowner approval |
---|---|---|---|
181-migrate-gitlab-shell-checkers | developer + maintainer | developer + maintainer | |

approval rules | approvers | approvers required |
---|---|---|
Wildcard approvers | 2 users | 1 |
Specific 181 | 2 users + 1 group | 2 |
CODEOWNERS | 1 |
**Screenshots of the flow**
Step | Screenshot | Comment |
---|---|---|
Protected branches | ||
Merge request approvals | ||
New merge request | Only 2 approval rules are mentioned | |
Merge request | Now we see that CODEOWNERS is an additional approver |
Current problem with branch settings
From the example above, the team wanted to impose stricter branch protections, but because 181-* had a more permissive rule of developers + maintainers, the end result is that the team was not able to get the stricter protection that restricts merging and pushing to maintainers.
This problem is NOT visible or apparent in Settings or the "Repository > Branches" list. Currently the only way to see it is to do your own debugging in "Protected branches" and to check the required approvals shown in a newly created merge request. Even comparing the "New merge request" page with the merge request view, we can see that the CODEOWNERS approval configured for 181-* only appears after creation.
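The resolution worked through above, as an added Ruby sketch that is not GitLab's code: it computes the resolved rules for a branch and reports any protected branch rule whose merge or push restriction is widened by another matching rule. All names (`ProtectedRule`, `ApprovalRule`, `resolve`, `weakened_rules`) are hypothetical, the data is constructed from this page's tables, and `File.fnmatch?` is assumed as an approximation of `*` wildcard matching.

```ruby
# Added example, not GitLab code. Names and data are assumptions based on this page.
ProtectedRule = Struct.new(:pattern, :merge, :push, :code_owner, keyword_init: true)
ApprovalRule  = Struct.new(:name, :pattern, :required, keyword_init: true)

# '*' wildcard match; an exact branch name matches itself.
def matches?(pattern, branch)
  File.fnmatch?(pattern, branch)
end

# Protected branch rules: most permissive wins (union of allowed roles).
# Code owner approval: required if any matching rule requires it.
# Approval rules: additive, so every matching rule is kept.
def resolve(branch, protected_rules, approval_rules)
  hits = protected_rules.select { |r| matches?(r.pattern, branch) }
  {
    merge: hits.flat_map(&:merge).uniq.sort,
    push: hits.flat_map(&:push).uniq.sort,
    code_owner: hits.any?(&:code_owner),
    approvals: approval_rules.select { |a| matches?(a.pattern, branch) }
                             .map { |a| [a.name, a.required] }
  }
end

# Defensive check: matching rules whose intended restriction is widened
# by another matching rule, with the extra roles that were let in.
def weakened_rules(branch, protected_rules, approval_rules)
  resolved = resolve(branch, protected_rules, approval_rules)
  protected_rules.select { |r| matches?(r.pattern, branch) }.map do |r|
    extra = { merge: resolved[:merge] - r.merge, push: resolved[:push] - r.push }
            .reject { |_, roles| roles.empty? }
    { pattern: r.pattern, widened_by: extra } unless extra.empty?
  end.compact
end

# Constructed data mirroring the example; code_owner on 181-* follows the text above.
PROTECTED = [
  ProtectedRule.new(pattern: "181-*", merge: %w[developer maintainer],
                    push: %w[developer maintainer], code_owner: true),
  ProtectedRule.new(pattern: "181-migrate-gitlab-shell-checkers",
                    merge: %w[maintainer], push: %w[maintainer], code_owner: false)
].freeze
APPROVALS = [
  ApprovalRule.new(name: "Wildcard approvers", pattern: "181-*", required: 1),
  ApprovalRule.new(name: "Specific 181", pattern: "181-migrate-gitlab-shell-checkers", required: 2)
].freeze

if __FILE__ == $PROGRAM_NAME
  branch = "181-migrate-gitlab-shell-checkers"
  p resolve(branch, PROTECTED, APPROVALS)
  p weakened_rules(branch, PROTECTED, APPROVALS)
end
```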