Show HN: Require approval to merge GitHub pull requests

This is neat! I&#x27;m excited to see things about the GitHub code review ecosystem improving. I&#x27;ve long wanted to see &quot;when tests pass and a reviewer :shipit:&#x27;s, then go ahead and merge the code&quot; bots.<p>I wrote a bot of my own, which I have at <a href="https:&#x2F;&#x2F;betterdiff.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;betterdiff.com&#x2F;</a> . The idea there is that instead of having humans go through and give cursory reviews, you have a round of automated review by robots (using normal, industry-standard tooling) and it comments on the PR just like a reviewer would. I&#x27;d love to hear your thoughts. :)

This is pretty cool. We built something similar internally at a previous company - very handy to enforce good development practices, and ensure that no unreviewed code is deployed to production for security purposes.

Some cool stuff here, though I think a demonstration video or fancy animation would be nice. Like someone else has mentioned, it&#x27;s a little intimidating to give full access just to see how it works -- you might convert more customers if they can see how it works and some common use cases before they need to commit the time to trying an integration.

It would be cool too if you could set conditions on when to merge. I finish a PR it&#x27;s kind of late :<p>Merge tomorrow 8am if tests passing etc.

I used to think that this was a really weird missing feature in Github. Then someone introduced me to true Gitflow using forked repos have used it with all teams since. With a forked repo someone with read access can post a PR to the originating repository without the ability to merge.<p>Does no one else use this methodology on their teams?

Does it support a dynamic reviewer? In other words, instead of assigning a person who approves pull requests, it would allow merging if at least one other person with write access approved the code.<p>That would be the main use case for the company I work at, right now we&#x27;re doing that manually by tagging and waiting for the response.

I received an unsolicited email from these guys. The email does not get subscribed to many things to keep volume low. Did they buy a bunch of addresses to spam?

Oh look, another tool to get in the way. Of course &quot;write&quot; access means &quot;merge&quot; access, they are the same thing. How about we try this thing called trusting the developers.<p>If you can&#x27;t trust your own developers, you have bigger problems then &quot;merge access&quot;.