Disable Azure DevOps Pull Request being completed when Using Copado

Question

We are using Copado as part of our Salesforce Development / Deployment process, we are not using any Azure Pipelines. This issue I am having is that Copado requires that users MUST NOT Complete a Pull Request in Azure DevOps as that would merge the branches outside of Copado, and cause a whole world of pain.

Is there a way using branch policies / permissions to prevent reviewers from completing the Pull Request?

I have tried much Googling and searching on here, but have not found a solution to this particular issue, as Approvers have the ability to complete pull requests.

Answer 1

Is there a way using branch policies / permissions to prevent reviewers from completing the Pull Request?

Yes, you can.

From permission aspect, you can go to project settings -> Repositories -> Target repo -> Security page -> Find the user, and deny Contribute to pull requests permission.

so the user cannot approve/complete the pull request.

In addition, you can also use branch policy -> set Require a minimum number of reviewers. If there are only 5 members in the project, you can set the minimum number to 6 which is larger(please note the maximum number is 10). Also check Prohibit the most recent pusher from approving their own changes.

so that the requirements never meets and cannot be completed.

Remember that bypassing policies can be configured, so ensure that the user doesn't have Bypass policies when completing pull requests permission on the repo.

Answer 2

Well, you could complete the pull request to the default branch (main), but keep the commits of the PR. Then I assume you merge that outside of Azure DevOps and commit that to another branch. Would that work for you? That means you have one main branch that is polluted but your actual main branch will be fine. But no guards on that actual branch I suppose.