GitLab Next

Problem to solve

Large organizations with many projects and large projects need to enforce review policies so that they can ensure the correct teams and individuals review changes that impact them. GitLab should allow approvals from Code Owners to be required before a merge request can be merged.

Target audience

Further details

Building on the integration of Code Owners into the merge request approval process, we should make it possible to require Code Owner approval through the merge request workflow. To fully enforce code owners on a specific branch the Protected Branch rule to prohibit anyone from pushing directly to the branch to avoid a manual merge bypassing approval requirements.

Proposal

Add a merge request option to project settings to require approval by code owners in merge requests:

Require approval by code owners Only allow code owners to change files that match CODEOWNER rules. Commits that change files owned by other users or groups will require approval before the merge request may be merged. Owners may change any file.

Until all matching code owners rules are satisfied by one approval (or more), the merge request cannot be merged.

Add a new ~"usage ping" field for the count of projects where code owner approval is required.

Designs

Project settings	MR create/edit form	MR Widget

• The project settings for MR approvals has a checkbox to enforce codeowner approval.
• The MR create/edit form shows a message that codeowner approval is required and displays the codeowner rules that match for the given MR.
• The MR widget shows the current status for each of the matching codeowner rules
• The default number of approvals required per codeowner rule will be 1. We will offer customizability in a follow-up issue.

What does success look like, and how can we measure that?

We will monitor adoption of required code owner approvals with a new usage ping field

Links / references

https://gitlab.com/gitlab-org/gitlab-ee/issues/4413 https://help.github.com/articles/about-codeowners/