Hi On 17.07.25 11:52, Cayetano Santos wrote:
So, ... what is the conclusion regarding approvals ? Do we have a policy about this ? I feel like approved changes get committers away from them, as there is no need for a review, already
I work at Paysafe, a >4k online payments company and my role is senior cloud architect/cloud ops engineer. I do a lot of IAAC and automation and we use GitLab for source code management, so it's quite similar to CodeBerg.
The way things are handled in our company is, that there is a number of approvers specified for the repository. This list equals the list of people who are able to merge into the main branch. Pushes to the main branch are forbidden entirely, the only way to get code into it is via PRs (Gitlab actually calls them "Merge Requests" but potato, potata). This is configured so that there always need to be two approvals, from the group of eligible approvers, to be able to merge the Request into the main branch. Everybody who has made a commit in the request is not able to approve. This ensures that there are always at 3 people who look at each change: The origial author and two reviewers. For high stakes changes, I sometimes also ask additional people to review, to make certain that the change was analyzed thoroughly, But that's convention, there is no techical enforcement for that. In fact it's not even convention, it just makes me feel more confident about my change. Once the request is approved, anyone from the review group and also the original author of the request can click the "Merge" button to merge the change into the main branch. We don't rely at signed commits at work, so I'm not familiar enought with them to know whether this could be a road-block. So maybe something like this could be implemented for Guix: There is a group of people who can approve PRs and once a PR is approved from at least 2 of those, any of them could hit the merge button. Because it feels odd that people are allowed to review submitted PRs and act as the quality gate, but then have to rely on someone else to do the actual merge. But on the other hand, maybe with signed commits, there is no other way to do this ¯\_(ツ)_/¯? nomike
