Code Owners feature not enforceable #13737

Open
opened 2025-11-02 10:51:46 -06:00 by GiteaMirror · 3 comments

Originally created by @sandeep0027 on GitHub (Nov 21, 2024).

Description

Hi

I have been trying to make use of the Code Owners feature, where a CODEOWNERS file can be added to the repository and different users or teams can be assigned as code owners for different files/folders. However, I have noticed that although it works fine and adds the appropriate code owners as defined in the CODEOWNERS file as reviewers when changes are made to those files, the reviews from those users/teams are not enforced.

If any other user with write access to the repository who is not a code owner for that particular file approves the pull request with the change, it still counts as a valid approval. Similarly, if there are whitelisted users on the branch and any whitelisted user approves the change, it still counts as a valid approval even though the code owner for that particular file might not have approved. There is no option to "Require review from Code Owners" in the branch protection rules. Such a feature exists in GitHub and Azure Repos. Do you guys plan to add this capability to Gitea as well?

Without the ability to require approval from the owners of a changed file, the Code Owners feature is not fully effective, as any other user, or users not part of the team (if teams are reviewers), can also approve changes and it counts as a valid review. If there is a code owner listed for a file, there should be an option to require approval from the code owner.

Gitea Version

1.21.11

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

I am running a Gitea instance in a container on the Red Hat OpenShift platform.

Database

None

GiteaMirror added the type/proposal label 2025-11-02 10:51:46 -06:00

@a1012112796 commented on GitHub (Dec 6, 2024):

In the current design, only a review request to an official reviewer will be marked as an official review request, which can be used to block the pull request. See: https://github.com/go-gitea/gitea/pull/13705


@sandeep0027 commented on GitHub (Dec 9, 2024):

> In the current design, only a review request to an official reviewer will be marked as an official review request, which can be used to block the pull request. See: #13705

This option is not fully effective either. If there is a team added as a reviewer in the Code Owners file, and even if the "Block merge on official review requests" option is checked in branch protection, if any other user who is not part of the team approves the pull request it still counts as a valid approval. If there are whitelisted users on the branch, then approval from any whitelisted user counts (even if they are not part of the team added as reviewer), and if there are no whitelisted users then approval from any user counts (even if they are not part of the team).

With individual reviewers as well, "Block merge on official review requests" is only effective if the reviewer added is a whitelisted approver on the branch as well. If the reviewer added by Code Owners is not a whitelisted approver and another whitelisted user approves the PR, it would still count as a valid approval. I think if there is a code owner present, approval from a code owner should be mandatory. If there is a team as code owner, then approval from members of that team should be mandatory.


@fechnert commented on GitHub (Jan 14, 2025):

It would be very cool to have enforceable required approvals based on the codeowner settings, with project settings as a fallback.

Example:

  • Per default (project wise) require approvals from anyone in the "developer" team
  • Require approval of the "maintenance" team if the requirement file was changed

Similar to GitLab's "Code Owners and approval rules" (https://docs.gitlab.com/ee/user/project/codeowners/#code-owners-and-approval-rules)

Reference: github-starred/gitea#13737