Is there any way in BitBucket to deny any merge to a specific target branch if that merge is not backed up by an approved pull request?
Thanks,
Ido
In Repository settings > Branch permissions you can add checks to see a specific number of approvals or a specific number of approvals from default reviewers, check that no further changes are requested, or you can check for unresolved PR tasks. You can set this up for any specific branch.
However, preventing merge when there are unresolved merge checks is a premium feature.
Related
Please read carefully as I believe my use case is unique and I have tried searching a lot on how to do this, but I am still unsure.
Generally, I am trying to set up a repo for a group of developers to work on and have it contain CI checks and require reviewers. However, I have run into some issues with how GitHub enforces branch protection. On top of that, I cannot use Actions as we are using a self-hosted Enterprise GitHub through an organization.
My desires:
Use Jenkins (which is already set up and building) builds as checks for PRs. If the checks don't pass, you cannot click merge on the PR.
Allow pushing to a branch that I have a PR up for so the author can push changes based on PR comments.
Require two approvals from maintainers. You cannot click merge without these.
It seems I could protect a master branch for example. However, I would like to enforce the PR checks whenever a person chooses to make a PR. For example, from one dev branch into another dev branch.
Use case:
An author sets up a PR for merging a branch some-work into dev. Jenkins builds the HEAD of the branch some-work to evaluate the checks. I would like to enforce this PR to have two approvals from maintainers. So, those reviewers make some comments and request some changes. The author makes those changes and pushes a new commit to the some-work branch. Jenkins runs on the new HEAD to reevaluate the checks. Then, if-and-only-if the two reviewers approve and the checks pass can the merge button be clicked.
What I have tried:
Using GitHub branch protections: the required approvals and the required status checks. However, this prevents any pushing or force pushing to the branch being developed on. I could just apply these protections to master, but I also want these checks part of any PR (even dev2->dev1, for example).
GitHub Actions, but these are not available in the self-hosted enterprise GitHub I have to use.
What I understand:
I understand that I can protect master, for example, in this manner with the native GitHub branch protection. However, if I want master to be something that always works, it is understandable that developers would break up a feature into multiple branches. They would also want their fellow developers to review it when merging it from their branch to an intermediate (non-master) branch. Then the actual branch being merged into master consists of code written by many developers.
Thank you all in advance for your time and help. :)
Using GitHub branch protections: the required approvals and the required status checks.
However, this prevents any pushing or force pushing to the branch being developed on.
But... that issue (not being able to push a protected branch) could be part of a possible solution.
I would make Jenkins create/reset a PR branch based on a push on a topic branch (like some-work-pr, based on some-work):
some-work is not protected, and can receive commits at any time.
some-work-pr is created by Jenkins protected, and cannot be modified: compilation/test/review/approval happens here.
PR would only be done from xxx-pr branches (protected PR branches created/managed by Jenkins), while other topic branches continue to evolve.
You can only enforce these policies with branch protections, so if you want to enable required CI checks before merging a PR for all branches, then you need to protect all branches (e.g., with the pattern **). In that case, you'll need to have developers use a forking model for your repositories so that they can push code to their forks and then merge in the changes via pull requests only.
Note that if you adopt an approach where projects are implemented as a set of small, incremental changes that are merged frequently and use feature flags to control whether the code is enabled, then as a practical matter developers will only merge into the main branch and you can get away with only protecting the main branch.
How to determine checklist for Bitbucket PR on merge pop-up?
According to Atlassian Documentation:
Merge checks apply to individual branches or branch patterns along with branch permissions. The rest of this section expands the example we used to describe branch permissions and includes merge checks.
So you need to go to Settings > Branch permissions and click on Add a branch permission, then use the Merge Checks drop-down and choose options from the list below, as in the picture:
I want to create a TFS policy that blocks a changeset from being checked in if a certain keyword is found in the diff.
This will allow me to make local changes for testing ideas without worrying that these changes will be mistakenly checked in, as long as I add something like //nocommit in the code.
How can this be done?
There is no out-of-box check-in policy to achieve your requirement; you have to customize your own check-in policy and use the command tf diff itemspec /noprompt to compare files.
As a suggestion, you could consider using Git version control, create a branch from master and work on the branch. When you are ready to merge your code to master, create a pull request to review the code. In order to protect master, you could set branch policy on master. After you set up a branch policy, you cannot directly push changes to the branch. Changes to the branch are only made through pull requests.
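The keyword check discussed above, as an added example (not code from the original answer and not the TFS check-in policy API): it scans a unified-format diff and reports only added lines that carry the marker, so deleting an old marker never blocks a check-in. The marker spelling, the function name `find_markers`, the unified diff format and the sample diff are assumptions made for illustration.

```python
import re

MARKER = re.compile(r"\bnocommit\b", re.IGNORECASE)  # assumed marker spelling
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Constructed sample diff, not taken from a real repository.
SAMPLE_DIFF = """\
--- a/src/Billing.cs
+++ b/src/Billing.cs
@@ -10,4 +10,5 @@ class Billing
     decimal Total(Order o)
     {
-        return o.Sum; // nocommit old debug shortcut
+        var rate = 0.0m; //nocommit hard-coded for local testing
+        return o.Sum * (1 + rate);
     }
--- a/db/report.sql
+++ b/db/report.sql
@@ -1,3 +1,3 @@
 SELECT id FROM orders
--- nocommit: limit for local run
+-- NOCOMMIT limit for local run
 WHERE total > 0
"""

def find_markers(diff_text):
    """Return (path, new_line_no, text) for every ADDED line carrying the marker."""
    hits, path, new_no = [], None, 0
    old_left = new_left = 0  # lines still owed by the current hunk header
    for raw in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:  # between hunks: headers only
            m = HUNK.match(raw)
            if m:
                old_left, new_no = int(m.group(1) or 1), int(m.group(2))
                new_left = int(m.group(3) or 1)
            elif raw.startswith("+++ "):
                path = raw[4:].split("\t")[0].removeprefix("b/")
            continue
        if raw.startswith("+"):  # added line: the only kind that can block
            if MARKER.search(raw[1:]):
                hits.append((path, new_no, raw[1:].strip()))
            new_no, new_left = new_no + 1, new_left - 1
        elif raw.startswith("-"):  # removed line, even one that looks like "--- x"
            old_left -= 1
        elif not raw.startswith("\\"):  # context line ("\ No newline..." is skipped)
            old_left, new_left, new_no = old_left - 1, new_left - 1, new_no + 1
    return hits

if __name__ == "__main__":
    for path, line_no, text in find_markers(SAMPLE_DIFF):
        print(f"{path}:{line_no}: check-in blocked, marker found: {text}")
```

Counting lines against each hunk header is what keeps the removed SQL comment `-- nocommit` (which appears as `--- nocommit` in the diff) from being mistaken for a file header.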
My team's policy is to not check in broken code into TFS. But what if two team members are working on the same file and each member's work represents a partial solution? One member's changes won't work without the other.
What is the best way to combine the code and still follow the policy of not checking in broken code?
Both developers could create a shelveset of their changes once their own coding is complete. Once it's time to merge their code, you have 1 developer unshelve the other developer's shelveset into their own workspace. Doing this will also trigger the Merge Tool in case there are any merge conflicts that can't be automatically resolved. This should allow the developer to combine work with the other without checking in broken code.
Note that both developers should make a shelveset of their own work before unshelving the other's, in case the unshelve of the other developer's work goes terribly wrong in the merge and they need to revert their own work to the un-merged state.
Here's some documentation on creating and unshelving shelvesets
Consider allowing broken code on branches. The team members could commit code to branches and merge those branches together before merging into master. Your primary or master branch should require a passing build before a pull request can be merged in.
Look at the feature branch model: https://learn.microsoft.com/en-us/vsts/git/concepts/git-branching-guidance. This does not depend on Git but it is convenient as branching is cheap.
Both developers work on the feature branch which is allowed to be broken. When they are finished they issue a pull request to the master branch. The merge is only allowed if all tests pass to make sure the master branch stays healthy.
I work in a SQL Development Environment.
We have three branches namely DEV, TEST and LIVE.
Whenever a developer did something and wants to deploy on Test System, I need a mechanism within TFS that enforces him to do a code review.
I know this can be done by enforcing a code review check-in policy.
But I don't want to trigger a code review with every check-in but more whenever somebody merges to TEST branch.
Think of it more as an approval enforcement. I want TFS to request a code review whenever somebody branches into a different branch. The best scenario is that I can specify the branches that trigger this behaviour.
Code Review Check-in policy can specify a path to apply this policy to, so you can only apply this policy to your TEST branch:
By the way, if you use a Git team project in TFS 2017 or VSTS, you can enable branch policies to require code reviews for a branch. For more information, check: https://www.visualstudio.com/en-us/docs/git/branch-policies