search

go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License
43.99k stars 5.4k forks source link

Option to turn off ability for administrator to merge pull request without getting approvals granted #17131

Open my1e5 opened 2 years ago

my1e5 commented 2 years ago

Feature Description

Say I am one of the 'owners' of a repo and I've set branch protection on the main branch. Specifically, I've set required approvals to 3.

This works fine for the most part, but on the pull request it shows 'As an administrator, you may still merge this pull request.':

image

So I could click the red 'Rebase and Merge' button and bypass the required approvals.

A feature I would really like would be a way to disable this ability. So that, even as an owner, I don't get this option to merge the PR without approvals.

Now I understand that, as owner of the repo, I have ultimate control of the settings. If I wanted to, I could go into settings and remove the need for required approvals. But that is quite an involved process which under normal circumstances I wouldn't do.

However, I want to avoid the temptation for an owner to quickly merge a PR without getting approvals granted first.

If I could just disable this merge button from showing, until approvals have been granted, then that would improve usability.

Screenshots

No response

gtema commented 2 years ago

I have a different usecase falling on the same issue:

while implementing Zuul CI support for gitea I need to know whether PR can be merged. Now the "mergable" field is not really telling much forcing CI to go through all branch protection definitions and present reviews. But since that already requires having Admin privileges (/branch_protections/ api otherwise return 403) CI is capable to bypass requirements. This makes branch protections pretty much useless (CI need to reimplement all of them).

Instead either https://github.com/go-gitea/gitea/issues/13879 should be addressed, getting branch protections definitions should not require admin privileges or it should be possible to enforce them even for admin privileged account

rudolphfroger-ds commented 1 year ago

GitHub has a nice setting for this:

image

I'd also want the owner of a repo to adhere to the same rules, even if they can technically circumvent them by adjusting branch protection.

Rainson12 commented 1 year ago

this is really anoying since its breaking our compliance as no one should be able to merge without approvals no matter whether he is owner of the organisation or owner of the repo.

gempir commented 1 year ago

Workaround:

Create a separate administrator account and remove yourself as an administrator.

rudolphfroger commented 1 year ago

I think the work-around is fairly useless if you have multiple owners in your organisation and then probably also one or more administrators per repository (to manage the repo settings). Then they all need to have two personal user accounts, one which is administrator and one which isn't. Each time you need to adjust some repository setting you need to switch accounts and not forget to switch back to the less privileged account.

gempir commented 1 year ago

Yeah I agree. That's why it's only a workaround. I would still like to see an option to either turn it off or hide the option more.

I recently setup a gitea instance for our team and added a few users as Admins and it got "abused" the next day skipping our CI and merging a tiny bit of bad code. Right now Admins are very powerful.

AverageHelper commented 9 months ago

+1

I don't want to be able to press the Big Scary Button by accident, even if there is a confirm dialog. (Is there such a dialog? I've never tried to use the Big Scary Button before as an admin.)