Reviewed Source
Simple pull request based workflow where all changes are reviewed by expert code maintainers before release.
Reviewed Source is best for critical production services. It’s a simple feature-branch based workflow using pull requests. Expert maintainers review all changes before release. You can use semver git tags to label releases, trigger beta and production builds and enable old version support as required.
Recommended branching model patterns explained in under 7 minutes!
Branching Model
Release your work by creating a new branch named as your wish from main, commit your work to this branch and then push to the GitHub origin. Create a GitHub pull request to allow maintainer review of your change before making any adjustments and merging your work via the GitHub UI after their approval.
Setup
This guide shows you how to setup the reviewed source pattern for a repository.
1. Use Codebase Governor
Manual setup is error-prone, so use Codebase Governor (CBG). This defines access and branch protection using YAML config files in the org-config repository.
- Your repository is probably already configured by CBG – to find out search for your repository in the service catalogue. The catalogue page links to your repository config if already managed. You can update the config in this file by creating a new branch and raising a pull request.
- If there is no existing CBG config you need to start using Codebase Governor. This has an initial learning curve but saves you time especially if you manage many repositories. Support is available from the inner source team.
2. Access Control
Owner and Maintainers
- By configuring your repository with Codebase Governor, it’s part of a group of repositories called a capability.
- The capability name is the directory in which you stored your repository config file in org-config.
- If the capability name was
example-name, reference the owner using theowner-cap-example-nameteam and the maintainers asmaintainers-cap-example-nameteam. - You define the membership of these teams in the
_defaults.ymlcapability defaults file in the same directory as your repository config file in org-config. - These teams are automatically granted admin permissions on all repositories within the capability.
Admins, Contributors & Readers
Choose the access model most appropriate to your repository. Apply this access model also through Codebase Governor. For example, to apply the Open Contribution access model:
# enforce no admins other than owner & maintainers
admins: {}
# allow contribution from any member of Flutter-Global
contributors:
teams:
- all-flutter-global
3. CODEOWNERS
The CODEOWNERS file in the root directory of your repository has a special meaning in GitHub. To ensure maintainers review changes it must exist and reference the maintainer team using the content:
# replace 'example-name' with your capability name:
* @Flutter-Global/maintainers-cap-example-name
4. Branch Protection
Add the following to your Codebase Governor repository config file:
branch-protections:
- patterns:
- "main"
parameters:
required-reviews-count: 1
requires-codeowner-reviews: true
Note if your repository is older and uses master as the default branch, specify that pattern rather than main.
5. Tag Protection
If using semver tags prefixed with a v on the repository to trigger releases and builds you also need to protect them. Create a tag protection rule:
- Use the GitHub web interface to view your repository settings (the “Settings” tab).
- Navigate to the “tags” section.
- Add a tag protection rule using the
v*pattern.
