Ensuring that all changes are properly reviewed before they are merged into the main branch is important for maintaining code quality. GitHub provides several tools to help enforce branch policies, including settings to block merging of pull requests without required reviews. This guide details how to configure your GitHub repository to prevent merges without a review, enhancing your project's integrity and collaboration.
Understanding the need for pull request reviews
Pull request reviews are critical for:
- Catching bugs
- Ensuring code consistency
- Facilitating context sharing among team members
- Enhancing code quality through peer feedback
Steps to prevent unreviewed merges in GitHub
1. Navigate to your repository settings
Start by going to your GitHub repository page. Click on "Settings" near the top right of the page, then on the left sidebar, click on "Branches" under the "Code and automation" section.
2. Set up branch protection rules
In the "Branches" section, you’ll find the "Branch protection rules" area. Click on "Add rule" to create a new branch protection rule.
3. Apply the rule to the main branch
Specify the branch name in the "Branch name pattern" field. Typically, this would be main or whichever other branch you are using as your mainline where merges should be controlled.
4. Enable required reviews
Under "Protect matching branches," find and check the option "Require pull request reviews before merging." This setting does the following:
- Disables direct commits to the protected branches.
- Requires that all pull requests must be reviewed and approved before merging.
5. Additional review restrictions (optional)
For additional control, you might consider these options:
- Require review from Code Owners: If you use a CODEOWNERS file, you can enforce that only code owners can approve changes to certain parts of the code.
- Dismiss stale pull request approvals when new commits are pushed: This ensures that approvals are only valid for the current state of the pull request, requiring re-review if further changes are made after approval.
6. Block the merge operations
To fully ensure that no merges occur without review, check the following options under the same settings:
- Don't allow merging with unresolved conversations: Prevents merging until all comment threads are resolved.
- Include administrators: Applies the same rules to administrators to ensure that no one can bypass the review requirements.
7. Save the changes
After configuring the settings, click on "Save changes" at the bottom of the page to enforce the new branch protection rules.