Azure DevOps pull request forbid manipulation of required reviewers - azure-devops

Is there any way in Azure DevOps to forbid people from adding/removing required reviewers when creating a Pull Request?
I have set up the policy "Automatically included reviewers" with a bunch of required reviewers.
But still anyone who creates a PR can easily add someone else to the required reviewer list or remove anybody from the automatically included required reviewers.
I want anyone to create a PR but not add/remove any required reviewer.

Apparently this is not possible, and they don't seem to consider it a bug. See this feedback item. I think it is ridiculous that they don't consider this a bug. When you set a branch policy stating "Pull requests to this branch can only be completed when these reviewers have reviewed it", only people having the permission "Bypass policies when completing pull requests" should be able to complete the pull request without adhering to the policies, which includes the required reviewers policy.
I've added a new feedback item to stress this. Feel free to update this feedback item; however, history tells me they will either acknowledge the issue and never fix it, or still deny it is a bug.
We will probably have to learn to live with this bug.

If a required reviewer is added via Automatically included reviewers, the reviewer can't be removed.
For reviewers added manually or via the API there's no way to forbid it as far as I know.
The following feature request implicitly confirms this:
https://developercommunity.visualstudio.com/t/Users-able-to-change-required-reviewer-t/1196519
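An audit sketch for the gap discussed in the answers above, added here as an example and not part of either answer: it compares the reviewers on a pull request with the identities the branch policy is meant to require. The `id`, `isRequired`, `vote` and `status` fields follow the Azure DevOps pull request REST objects; the function names, identity ids and sample PR are constructed assumptions.

```python
import json

# Reviewer vote values in the Azure DevOps pull request API:
# 10 approved, 5 approved with suggestions, 0 no vote, -5 waiting, -10 rejected.
APPROVING_VOTES = {10, 5}

# Constructed sample: identity ids the branch policy is supposed to require.
POLICY_REQUIRED_IDS = {"id-alice", "id-bob", "id-dave"}

# Constructed sample shaped like a pull request object from the REST API.
SAMPLE_PR = json.loads("""
{
  "pullRequestId": 101,
  "status": "completed",
  "reviewers": [
    {"id": "id-alice", "displayName": "Alice", "isRequired": true,  "vote": 10},
    {"id": "id-bob",   "displayName": "Bob",   "isRequired": false, "vote": 0},
    {"id": "id-carol", "displayName": "Carol", "isRequired": true,  "vote": 10}
  ]
}
""")


def audit_reviewers(pr, policy_required_ids):
    """Return (finding, reviewer_id) tuples for one pull request."""
    by_id = {r["id"]: r for r in pr.get("reviewers", [])}
    findings = []
    for rid in sorted(policy_required_ids):
        reviewer = by_id.get(rid)
        if reviewer is None:
            findings.append(("policy_reviewer_removed", rid))
        elif not reviewer.get("isRequired", False):
            findings.append(("policy_reviewer_made_optional", rid))
        elif reviewer.get("vote", 0) not in APPROVING_VOTES:
            findings.append(("policy_reviewer_not_approved", rid))
    for rid in sorted(by_id):
        if by_id[rid].get("isRequired") and rid not in policy_required_ids:
            findings.append(("required_reviewer_added_manually", rid))
    return findings


def needs_follow_up(pr, policy_required_ids):
    """True when a completed PR deviates from the policy reviewer list."""
    return pr.get("status") == "completed" and bool(
        audit_reviewers(pr, policy_required_ids))


if __name__ == "__main__":
    for finding, rid in audit_reviewers(SAMPLE_PR, POLICY_REQUIRED_IDS):
        print(SAMPLE_PR["pullRequestId"], finding, rid)
```

Run over the completed pull requests of a protected branch, the findings show where the effective reviewer list differed from the policy.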

Related

How to setup mandatory reviewers on github

This is what I know so far from my understanding of GitHub:
GitHub allows default reviewers whether it be for a specific type of file in any/certain location through the creation of the CODEOWNERS file.
GitHub allows the number of reviewers that are required to approve a PR. You can also specify what type of access they have.
GitHub allows required review from Code Owners.
What I want to know is if there is a way to set up mandatory reviewers meaning that the PR can't get merged until certain people give their approval.
For example, I created a PR and I have reviewers A, B, C, D, E, and F. I want to make it so that this PR cannot get merged until reviewers A and B have approved it. I thought I could use the Require review from Code Owners but I think that it only requires at least one person to approve. The other idea that came to mind was just setting the required approval to the same number of people inside the code owners. Any help would be much appreciated.
"I thought I could use the Require review from Code Owners but I think that it only requires at least one person to approve."
Your assumption is right. Currently, you can request multiple owners to review a PR, but only one of the reviews will be mandatory.
You can check the accepted answer in this GitHub Community discussion for more details.
As for the second part of your question,
"setting the required approval to the same number of people inside the code owners"
I believe that should do the trick. You may also want to follow the tip described in Approving a pull request with required reviews, and ensure that code owners are the only people with write permissions to the repo so that no other persons or groups will mess up the review process:
If your repository requires approving reviews from people with write or admin permissions, then any approvals from people with these permissions are denoted with a green check mark, and approvals from people without these permissions have a gray check mark. Approvals with a gray check mark do not affect whether the pull request can be merged.
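The "A and B must both approve" rule from the question, written as a check over a pull request's review list; this is an added example, not part of the answer above. It assumes review objects shaped like the GitHub reviews API (`user.login`, `state`, `submitted_at`); the mandatory logins, function names and sample reviews are constructed.

```python
# Review states that change a reviewer's standing on the pull request.
# COMMENTED and PENDING reviews leave an earlier approval or rejection as is.
DECISIVE_STATES = {"APPROVED", "CHANGES_REQUESTED", "DISMISSED"}

# Constructed sample: the people whose approval is mandatory (hypothetical logins).
MANDATORY = {"reviewer-a", "reviewer-b"}

# Constructed sample shaped like the review list of one pull request.
SAMPLE_REVIEWS = [
    {"user": {"login": "reviewer-a"}, "state": "APPROVED",
     "submitted_at": "2024-01-10T10:00:00Z"},
    {"user": {"login": "reviewer-b"}, "state": "APPROVED",
     "submitted_at": "2024-01-10T10:05:00Z"},
    {"user": {"login": "reviewer-c"}, "state": "APPROVED",
     "submitted_at": "2024-01-10T10:30:00Z"},
    {"user": {"login": "reviewer-b"}, "state": "CHANGES_REQUESTED",
     "submitted_at": "2024-01-10T11:00:00Z"},
    {"user": {"login": "Reviewer-A"}, "state": "COMMENTED",
     "submitted_at": "2024-01-10T12:00:00Z"},
]


def missing_mandatory_approvals(reviews, mandatory):
    """Return the mandatory logins whose latest decisive review is not APPROVED."""
    decisive = [r for r in reviews if r.get("state") in DECISIVE_STATES]
    latest = {}
    # ISO 8601 UTC timestamps sort chronologically as plain strings.
    for review in sorted(decisive, key=lambda r: r["submitted_at"]):
        # Logins are compared case-insensitively.
        latest[review["user"]["login"].lower()] = review["state"]
    return sorted(m for m in mandatory if latest.get(m.lower()) != "APPROVED")


def merge_allowed(reviews, mandatory):
    """True only when every mandatory reviewer currently approves."""
    return not missing_mandatory_approvals(reviews, mandatory)


if __name__ == "__main__":
    missing = missing_mandatory_approvals(SAMPLE_REVIEWS, MANDATORY)
    print("missing approvals:", ", ".join(missing) or "none")
```

Unlike a plain approval count, this does not let reviewer C's approval stand in for reviewer B's.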

Permission required so users can add Required Reviewer to Pull Requests

Members of my team sometimes need to add required Reviewers to their pull requests to ensure that a certain person actually performs the review.
We have a policy where a group of developers is automatically added to the pull request, which for 99% of the time is fine, but sometimes we need to add an extra person or 2.
There isn't a permission that is standing out explicitly showing which setting to use.
Any clues would be good
Looks like you are talking about this option. Some users are lacking it.
It's a new Pull Request Experience for Azure Repos. It should be the same permission to remove a required reviewer from Azure DevOps.
When you want to remove that required reviewer from the Automatically include code reviewers, you need to make sure someone who has the permissions to Edit policies (Project Administrators) to
Note: You need to check the Branch policies of the branch which you want to merge into. For example, if you merge from Dev to master, you need to check the Branch policies of the master branch.
Then, after removing that required reviewer, you could go back to your pull request and click the X button.
So it should be the same for letting somebody make reviewers required. Try to assign them the edit policy permission.
Hope this helps.

Azure DevOps; Why are reviewers optional by default

When we create a new Pull Request in Azure DevOps, we've recently noticed that the Reviewer is Optional by default.
This has caused some confusion, as far as I recall, reviewers were always Required by default in the past.
Has this changed?
To make the Reviewer required, I know we can do this via the 'Add Required Reviewer' option but it would be nice if we could make the Reviewer Required by default...
For recent changes you may be seeing, see this User Voice request and the blog post about the new pull request experience.
One thing we've done in the past to ensure a pull request always gets a review is create teams within the project, adding a set of users of which at least one will have to approve the pull request, and then update the target branch policies to add the team as a required reviewer.
You can do that by using branch policies, the bit that's called add automatic reviewers: https://learn.microsoft.com/en-us/azure/devops/repos/git/branch-policies?view=azure-devops#automatically-include-code-reviewers

Only allow users under a certain AD Group to approve Pull Requests on Azure DevOps

In my organisation we use Azure DevOps and we have a repository where we want developers to be able to create pull requests with changes to it, but only developers belonging to a certain AD group to be able to approve them. What's the best way to achieve this in Azure DevOps?
According to Microsoft Documentation there is a permission called "Contribute to pull requests" which allows "Can create, comment on, and vote on pull requests." However, disabling this would mean that people cannot create pull requests. I want them to be able to create the pull request, just not able to approve them and complete them.
"However, disabling this would mean that people cannot create pull requests. I want them to be able to create the pull request, just not able to approve them and complete them."
If the Contribute is set to Deny, then the developer can review the code/create new branch/create PR/approve PR but can't push changes to master branch or branch not created by himself/complete PR. So this option can only partly meet your needs.
Apart from the above, the most recommended way in this scenario is to use Branch Policies.
Since the original purpose is to prevent developers from completing the PR themselves, you can set both the Require a minimum number of reviewers and Automatically Include reviewers options to meet your original needs.
So all the PRs in the master branch can't be completed until they get enough approvals from a specific Group. (The group you're in, Project Administrators or what) Then the developers can create the PR, but the PR can only be completed by approvals from you (Team admins/managers?).
You can choose one of the above two options or combine them together to meet your needs.
In addition: If all of the above still can't meet your requirements very well, feel free to post your feature request in our User Voice forum; the Product Team would consider your feedback. Follow the feedback and you can get notifications if there's any update.
Hope all above helps :)

Prevent User from approving Pull Request

I have run into an issue where if my project managers are rushing, they sometimes will help move pull requests along by 'approving' them. As we have set the branch policy to require at least 2 approvals (and the creator cannot be one), this can be a bit of a frustration. I have moved the PMs into a new security group to isolate them from most options but I cannot find anything specific about Pull Requests. Does this just follow under the Contribute option or is there a specific way I can block them from being able to approve pull requests?
They have "Contribute to Pull Request" permissions, located under repo security settings. Remove that permission for the people you don't want to be approving PRs.