PullApprove is an alternative to CODEOWNERS, combining code ownership with approval requirements.
You can think of it as a framework for human code review.
Configuration is stored in CODEREVIEW.toml files and is designed to be highly auditable, scalable, and customizable.
CODEREVIEW.toml
PullApprove v5[large_scale_change]
reviewers = ["$global-approvers"]
require = 2
[[scopes]]
name = "global-approvers"
ownership = "global"
paths = ["**/*"]
request = 0
require = 1
reviewed_for = "required"
reviewers = ["$global-approvers"]
[[scopes]]
name = "minimum-review"
paths = ["**/*"]
request = 1
require = 1
reviewers = ["$core-developers"]
[[scopes]]
name = "security"
description = "Security-sensitive files which require extra review"
paths = [
"src/core/security/**/*",
"src/compiler/schema/**/*",
"src/platform/security/**/*",
"config/tsec-base.json",
"config/tsec-exemption.json",
"tools/security_scan.bzl",
"docs/security.md",
"examples/security/**/*",
]
reviewers = [
"alice",
"bob",
"carol",
"dave",
]
require = 2
request = -1
reviewed_for = "required"
author_value = 1
ownership = "append"
[[scopes]]
name = "general"
description = "General source code"
paths = [
"!src/core/primitives/",
"docs/public-api.md",
"integration/**/*",
"modules/**/*",
"src/**/*",
"examples/**/*",
]
reviewers = [
"alice",
"bob",
"carol",
"eve",
"frank",
]
alternates = [
"grace",
]
require = 1
request = 1
author_value = 1
Integrates with
Supported features:
- Path-based code ownership
- Line-based code ownership
- Overlapping code ownership
- Global approvers
- Review instructions
- Multiple configs per repo
- Config templates
- "Large scale changes"
- Review assignment based on PR author
- Git author detection
- Label automation
- Backup/alternate reviewers
"DoorDash has been using PullApprove Enterprise for the past several years to manage GitHub PR approvals for our organization. With hundreds of repos and thousands of users in our GitHub organization, PullApprove functionality is simple enough to handle small tool repos yet robust enough to manage approvals for large monorepos requiring a variety of team approval scenarios.
In times where DoorDash has stretched the bounds of PullApprove's operations, Dave has been very responsive and helpful in troubleshooting, root causing, and designing solutions to help scale out our installation. I would highly recommend PullApprove to other organizations needing an easy-to-use, easy-to-maintain, scalable solution to managing code approvals for their software teams."
PullApprove has undergone multiple iterations over the last ~10 years. It has been used by small teams, large companies, open source, public and private sectors. The latest version brings years of experience together to form a cohesive framework for your code review process.
For the developer:
- Low-friction - For the authors and reviewers, the day-to-day experience does not drastically change from what they're used to. They still discuss, review, and approve PRs using the official GitHub/GitLab/Bitbucket products, or their environment of choice.
- Automatic - As soon as a PR is opened, the appropriate reviewers are automatically requested and everyone is reminded of the process to get the PR merged.
- Clear - Designed to bring clarity at every step of the way — from the
CODEREVIEW.tomllayout to the PR comments and statuses.
For the organization:
- Customizable - A more configurable review assignment and approval requirement system than GitHub/GitLab/Bitbucket provide.
- Scalable - Designed to scale across hundreds of repos, inside of large monorepos, and for high volumes of activity.
- Auditable - The entire configuration is stored in the repo, so it can be easily audited using existing git tooling.