Skip to main content

Pull Request Process

This runbook defines the standard Pull Request (PR) process for repositories hosted on GitHub.

1. Creating a Pull Request

1.1 Create a Feature Branch

  • Branch from main
  • Ensure your local main is up to date before branching
  • Use a meaningful branch name with the JIRA ticket prefix

Format:JIRA-TICKET-short-description

Example:ND-0456-fix-navigation-bug

1.2 Create a Draft PR (If Not Ready)

If your change is not ready for review, open a Draft Pull Request.

Use Draft PR when:

  • Work is still in progress
  • Tests/checks are failing
  • You want early visibility but not formal review

Convert to Ready for Review only when:

  • Implementation is complete
  • All status checks pass

2. Pull Request Requirements

Before requesting review:

  • Provide a clear PR description
  • Link related issues (if applicable)
  • Ensure commits are clean and meaningful

3. Branch Protection Rules

The following branch protection rules are enforced:

3.1 Require Review from Code Owners

3.2 Require Approval of the Most Recent Reviewable Push

  • If new commits are pushed after approval, approval may be dismissed automatically
  • Re-approval will be required

Best practice: - Avoid pushing additional commits after approval unless necessary

3.3 Require Conversation Resolution Before Merging

  • All review comments must be resolved

3.4 Require Signed Commits

  • All commits must be signed using a verified GPG signing key.

3.5 Require Status Checks to Pass Before Merging

Pull requests cannot be merged unless all required checks are passing.

Static Code Analysis

We use Trivy and TfLint for static code analysis and security scanning.

If Static Code Analysis fails:

  1. Review scan output
  2. Fix reported issues
  3. Push changes
  4. Confirm check turns green

4. Review Process

  • Request Review

  • Address Feedback

    • Implement requested changes
    • Respond to review comments
    • Resolve conversations only after feedback is addressed

  • Merge PR

    • Confirm all branch protection requirements are satisfied
    • Ensure all required status checks are passing
    • Ensure Code Owner approval applies to the latest commit
    • Merge using Merge commit or Squash and merge (if standard)
    • Do not bypass branch protection rules

5. Post Merge

  • Confirm CI/CD workflow completes successfully
  • If repository deploys automatically, verify deployment status
  • Monitor for any failed workflows

Summary

All Pull Requests must:

  1. Be reviewed by Code Owners
  2. Have all conversations resolved
  3. Contain signed commits
  4. Pass all required status checks
  5. Meet branch protection requirements

Failure to meet any requirement will block merging.

This page was last reviewed on 17 February 2026. It needs to be reviewed again on 17 August 2026 by the page owner #nvvs-devops .