Require approval from a human (i.e. user 'danny') before MRs can be merged #39
Labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
keyop-go/nfq_forwarder#39
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Currently the gitlab project workflow allows MRs to be merged even if they haven't been approved, which is a risk.
changed the description
mentioned in issue #40
marked as related to #40
Investigation findings.
This GitLab instance runs the Enterprise Edition codebase but without an active Premium/Ultimate license - confirmed by testing both mechanisms for requiring approval before merge:
approvals_before_mergeproject setting: a write to it via the API is silently accepted but has no effect (reads back as0regardless).approval_rulesAPI: returns403 Forbidden.Both are consistent with "Merge request approvals" being a licensed-only feature not available on this instance - effectively we only have Community Edition-level capability here. There is no supported way to enforce a required human approval on this GitLab instance as it's currently licensed.
Danny confirmed buying a Premium/Ultimate license isn't an option. The agreed path forward: #40 tracks migrating this project to Forgejo (Danny's planned infrastructure), which has license-free branch protection with required-approval support - that's the actual fix for this ticket. Linked #40 here as
relates_to(GitLab'sblockslink type is also license-gated on this instance, so I couldn't set a formal blocking relationship - #40 blocks this one in spirit).In the meantime this remains a documented process/convention only: I do not merge my own MRs without your explicit review and go-ahead, same as every MR this session. Two minor hardening settings did take effect and are staying on regardless:
merge_requests_author_approval: falseandmerge_requests_disable_committers_approval: true(both already prevented/now prevent an MR's own author or committer from approving it, for whatever that's worth without a required-approval count backing it up).Leaving this open, blocked on #40.
mentioned in issue danny/cs-bifrost#8
mentioned in issue danny/cs-bifrost#6