Skip to content

"Allowed to push" should be able to merge without CODEOWNERS approvals

Summary

Users defined as allowed to push for given protected branch should be able to merge feature branches without CODEOWNERS approvals.

Steps to reproduce

  1. Add user to allowed to push and merge for some protected branch with Code owner approval enabled.

    image

  2. Create a feature branch and try to merge it to that branch.

  3. Realise it's not possible because of missing CODEOWNERS approvals.

    image

  4. Try to merge the feature branch locally and push the changes directly to the protected branch. It works.

What is the current bug behavior?

As stated in both Code owner approval tip:

image

and docs:

image

the ones allowed to push shouldn't be blocked by CODEOWNERS approvals. That works as expected for direct pushes, but it's not true for Merge Requests.

EDIT: Docs have been recently updated to reflect correctly the current behaviour, so it's no longer a bug, but a feature request.

What is the expected correct behavior?

Allowed to push shouldn't be blocked by CODEOWNERS approvals during Merge Requests as well.

Rationale

When you define some people who can push directly to protected branches, you already allow them to bypass the whole MR flow (approvals, pipelines, CODEOWNERS etc.). Generally you treat them as "power-users" who can do more than other developers for whatever reason. I believe it's not a coincidence such a functionality exists in GitLab.

And now we have a situation when these guys can push whatever they want anyway, but they simply cannot do it via MR - it's just incoherent. There should be a way to either skip CODEOWNERS for given users or to define them as non-overridable CODEOWNERS - but neither option is possible today. As stated e.g. here:

If a change is submitted directly to the protected branch, approval from Code Owners is still required, even if the section is marked as optional.

GitLab has a mechanism to apply CODEOWNERS also during direct pushes, but doesn't do it for the ones allowed to push. So for me it definitely makes sense to keep exactly the same logic for MRs.

Results of GitLab environment info

GitLab Enterprise Edition 15.11.11-ee

Edited by Jakub Lański