-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Force push does not invalidate existing approved reviews #677
Comments
It’s always been the case, and I think it aligns with our rules defined in |
If there is one review after the last force push, then CQ will merge it, right? I think it's still open to abuse (and a bug). |
That's correct.
What abuse do you have in mind?
What do you think should be the correct behavior? |
If person X opens a pull-request and receive 2+ reviews (from Y and Z), he could force-push couple of hours before the 48 hour window. There is a pattern of Node.js collaborators of approving already approved pull-request without thorough reviews, and this pattern will lead to approving that force-pushed branch, which will merge by CQ. I just summarized a method of pushing unwanted code to main, but in general, the code that Y signed, reviewed and approved does not exist anymore, but when CQ merges the pull-request it will add comment to the commit saying |
@aduh95 For example: I force pushed, nobody reviewed it, and it still got merged by CQ. (Reference: nodejs/node#46904) |
I think that’s definitely a bug. Note that Jacob did review it (but didn’t approve it), so maybe that explains why the CQ didn’t flag it. |
Why would force-pushing be different than pushing additional commits though? In both cases, the end result (the code actually being merged) can be very different from the one that was reviewed (the only difference I can see is that force pushing creates a much worse reviewing experience).
That’s a different issue, folks should not do that (and I don’t know on what info you base this affirmation, I’m not sure it’s even true, but it’s not worth discussing anyway, as it’s besides your point)
Yes and no, we expect the author to re-request reviews when the code changed significantly since the review. In most cases though, the code does not change significantly, so it actually makes more sense to keep the complete list of the reviewers. |
There's apparently a little bug to fix, but I think we should also not aim to rely only on automation and keep trust in collaborators. It's rarely a big issue if something bad lands on |
Should we close this as Won't fix? It seems most folks are happy to be listed as an approver wether or not there was a force-push, and as said above regular pushes can also change drastically what the PR does. Now that #680 has been released, the CQ should never land a PR if there wasn't at least one approving review from someone with commit access (which was an issue reported in #677 (comment)), and the rest of this ticket seems like a non-issue to me. |
This might be the case for patch/semver-minor PRs, but I can argue that might be bad for semver-major PRs. |
I believe this is a good idea I accidently caused a bug in this PR (but later I fixed it with another PR) it wasn't caught because my PR was already approved by everyone |
If the author force pushes to their branch after a reviewer approved it, I assumed that it would invalidate existing approved reviews, since the code that was reviewed is changed. But right now approved reviews count as valid ones, and might lead to unwanted code to be merged to main.
Example nodejs/node#46904
The text was updated successfully, but these errors were encountered: