debian-mirror-gitlab/doc/api/merge_request_approvals.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

1128 lines
38 KiB
Markdown
Raw Normal View History

2020-10-24 23:57:45 +05:30
---
stage: Create
group: Source Code
2021-02-22 17:27:13 +05:30
info: "To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments"
2020-10-24 23:57:45 +05:30
---
2021-03-11 19:13:27 +05:30
# Merge request approvals API **(PREMIUM)**
2019-09-04 21:01:54 +05:30
2021-04-29 21:17:54 +05:30
Configuration for
2021-06-08 01:23:25 +05:30
[approvals on all merge requests](../user/project/merge_requests/approvals/index.md)
2021-04-29 21:17:54 +05:30
in the project. Must be authenticated for all endpoints.
2019-09-04 21:01:54 +05:30
## Project-level MR approvals
### Get Configuration
2021-11-18 22:05:49 +05:30
> Moved to GitLab Premium in 13.9.
2019-09-04 21:01:54 +05:30
You can request information about a project's approval configuration using the
following endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-09-04 21:01:54 +05:30
GET /projects/:id/approvals
```
**Parameters:**
| Attribute | Type | Required | Description |
| --------- | ------- | -------- | ------------------- |
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2019-09-04 21:01:54 +05:30
```json
{
"approvals_before_merge": 2,
"reset_approvals_on_push": true,
2020-03-13 15:44:24 +05:30
"disable_overriding_approvers_per_merge_request": false,
"merge_requests_author_approval": true,
"merge_requests_disable_committers_approval": false,
"require_password_to_approve": true
2019-09-04 21:01:54 +05:30
}
```
### Change configuration
2021-11-18 22:05:49 +05:30
> Moved to GitLab Premium in 13.9.
2019-09-04 21:01:54 +05:30
If you are allowed to, you can change approval configuration using the following
endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-09-04 21:01:54 +05:30
POST /projects/:id/approvals
```
**Parameters:**
2019-10-12 21:52:04 +05:30
| Attribute | Type | Required | Description |
| ------------------------------------------------ | ------- | -------- | --------------------------------------------------------------------------------------------------- |
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2019-12-04 20:38:33 +05:30
| `approvals_before_merge` | integer | no | How many approvals are required before an MR can be merged. Deprecated in 12.0 in favor of Approval Rules API. |
2019-10-12 21:52:04 +05:30
| `reset_approvals_on_push` | boolean | no | Reset approvals on a new push |
2022-05-07 20:08:51 +05:30
| `disable_overriding_approvers_per_merge_request` | boolean | no | Allow or prevent overriding approvers per MR |
| `merge_requests_author_approval` | boolean | no | Allow or prevent authors from self approving merge requests; `true` means authors can self approve |
| `merge_requests_disable_committers_approval` | boolean | no | Allow or prevent committers from self approving merge requests |
2021-01-03 14:25:43 +05:30
| `require_password_to_approve` | boolean | no | Require approver to enter a password to authenticate before adding the approval |
2019-09-04 21:01:54 +05:30
```json
{
2019-12-04 20:38:33 +05:30
"approvals_before_merge": 2,
"reset_approvals_on_push": true,
"disable_overriding_approvers_per_merge_request": false,
"merge_requests_author_approval": false,
2020-03-13 15:44:24 +05:30
"merge_requests_disable_committers_approval": false,
"require_password_to_approve": true
2019-12-04 20:38:33 +05:30
}
```
### Get project-level rules
2021-03-11 19:13:27 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3.
> - Moved to GitLab Premium in 13.9.
2021-11-11 11:23:49 +05:30
> - `protected_branches` property was [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/460) in GitLab 12.7.
2019-12-04 20:38:33 +05:30
You can request information about a project's approval rules using the following endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-04 20:38:33 +05:30
GET /projects/:id/approval_rules
```
**Parameters:**
| Attribute | Type | Required | Description |
|----------------------|---------|----------|-----------------------------------------------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2019-12-04 20:38:33 +05:30
```json
[
{
"id": 1,
"name": "security",
"rule_type": "regular",
"eligible_approvers": [
{
2019-09-04 21:01:54 +05:30
"id": 5,
2019-12-04 20:38:33 +05:30
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
},
{
"id": 50,
"name": "Group Member 1",
"username": "group_member_1",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/group_member_1"
2019-09-04 21:01:54 +05:30
}
2019-12-04 20:38:33 +05:30
],
"approvals_required": 3,
"users": [
{
"id": 5,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
}
],
"groups": [
{
"id": 5,
2019-09-04 21:01:54 +05:30
"name": "group1",
"path": "group1",
"description": "",
"visibility": "public",
"lfs_enabled": false,
"avatar_url": null,
"web_url": "http://localhost/groups/group1",
"request_access_enabled": false,
"full_name": "group1",
"full_path": "group1",
"parent_id": null,
"ldap_cn": null,
"ldap_access": null
}
2019-12-04 20:38:33 +05:30
],
2020-03-13 15:44:24 +05:30
"protected_branches": [
{
"id": 1,
"name": "master",
"push_access_levels": [
{
"access_level": 30,
"access_level_description": "Developers + Maintainers"
}
],
"merge_access_levels": [
{
"access_level": 30,
"access_level_description": "Developers + Maintainers"
}
],
"unprotect_access_levels": [
{
"access_level": 40,
"access_level_description": "Maintainers"
}
],
"code_owner_approval_required": "false"
}
],
2019-12-04 20:38:33 +05:30
"contains_hidden_groups": false
}
]
```
2021-02-22 17:27:13 +05:30
### Get a single project-level rule
2021-11-18 22:05:49 +05:30
> Introduced in GitLab 13.7.
2021-02-22 17:27:13 +05:30
You can request information about a single project approval rules using the following endpoint:
```plaintext
GET /projects/:id/approval_rules/:approval_rule_id
```
**Parameters:**
| Attribute | Type | Required | Description |
|----------------------|---------|----------|-----------------------------------------------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2021-02-22 17:27:13 +05:30
| `approval_rule_id` | integer | yes | The ID of a approval rule |
```json
{
"id": 1,
"name": "security",
"rule_type": "regular",
"eligible_approvers": [
{
"id": 5,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
},
{
"id": 50,
"name": "Group Member 1",
"username": "group_member_1",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/group_member_1"
}
],
"approvals_required": 3,
"users": [
{
"id": 5,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
}
],
"groups": [
{
"id": 5,
"name": "group1",
"path": "group1",
"description": "",
"visibility": "public",
"lfs_enabled": false,
"avatar_url": null,
"web_url": "http://localhost/groups/group1",
"request_access_enabled": false,
"full_name": "group1",
"full_path": "group1",
"parent_id": null,
"ldap_cn": null,
"ldap_access": null
}
],
"protected_branches": [
{
"id": 1,
"name": "master",
"push_access_levels": [
{
"access_level": 30,
"access_level_description": "Developers + Maintainers"
}
],
"merge_access_levels": [
{
"access_level": 30,
"access_level_description": "Developers + Maintainers"
}
],
"unprotect_access_levels": [
{
"access_level": 40,
"access_level_description": "Maintainers"
}
],
"code_owner_approval_required": "false"
}
],
"contains_hidden_groups": false
}
```
2019-12-04 20:38:33 +05:30
### Create project-level rule
2021-03-11 19:13:27 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3.
> - Moved to GitLab Premium in 13.9.
2019-12-04 20:38:33 +05:30
2022-04-04 11:22:00 +05:30
WARNING:
The Vulnerability-Check feature, including the Vulnerability-Check attributes listed here, is in its
end-of-life process. It is [deprecated](../update/deprecations.md#vulnerability-check)
2022-06-21 17:19:12 +05:30
in GitLab 14.8, and is planned for removal in GitLab 15.0. Users should migrate to the new
2022-04-04 11:22:00 +05:30
[Security Approval Policies](../user/application_security/policies/#scan-result-policy-editor).
2019-12-04 20:38:33 +05:30
You can create project approval rules using the following endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-04 20:38:33 +05:30
POST /projects/:id/approval_rules
```
**Parameters:**
2020-03-13 15:44:24 +05:30
| Attribute | Type | Required | Description |
|------------------------|---------|----------|------------------------------------------------------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2020-03-13 15:44:24 +05:30
| `name` | string | yes | The name of the approval rule |
| `approvals_required` | integer | yes | The number of required approvals for this rule |
2021-11-18 22:05:49 +05:30
| `rule_type` | string | no | The type of rule. `any_approver` is a pre-configured default rule with `approvals_required` at `0`. Other rules are `regular`.
2020-03-13 15:44:24 +05:30
| `user_ids` | Array | no | The ids of users as approvers |
| `group_ids` | Array | no | The ids of groups as approvers |
2022-01-26 12:08:38 +05:30
| `protected_branch_ids` | Array | no | The IDs of protected branches to scope the rule by. To identify the ID, [use the API](protected_branches.md#list-protected-branches). |
2022-04-04 11:22:00 +05:30
| `report_type` | string | no | The report type required when the rule type is `report_approver`. The supported report types are: `vulnerability`, `license_scanning`, `code_coverage`. The `vulnerability` report type is part of the Vulnerability-Check feature, which deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
| `scanners` | Array | no | The security scanners the Vulnerability-Check approval rule considers. The supported scanners are: `sast`, `secret_detection`, `dependency_scanning`, `container_scanning`, `dast`, `coverage_fuzzing`, `api_fuzzing`. Defaults to all supported scanners. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
| `severity_levels` | Array | no | The severity levels the Vulnerability-Check approval rule considers. The supported severity levels are: `info`, `unknown`, `low`, `medium`, `high`, `critical`. Defaults to `unknown`, `high`, and `critical`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
| `vulnerabilities_allowed` | integer | no | The number of vulnerabilities allowed for the Vulnerability-Check approval rule. Defaults to `0`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
| `vulnerability_states` | Array | no | The vulnerability states the Vulnerability-Check approval rule considers. The supported vulnerability states are: `newly_detected` (default), `detected`, `confirmed`, `resolved`, `dismissed`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
2019-12-04 20:38:33 +05:30
```json
{
"id": 1,
"name": "security",
"rule_type": "regular",
"eligible_approvers": [
{
"id": 2,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
},
{
"id": 50,
"name": "Group Member 1",
"username": "group_member_1",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/group_member_1"
2019-09-04 21:01:54 +05:30
}
],
2019-12-04 20:38:33 +05:30
"approvals_required": 1,
"users": [
{
"id": 2,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
}
],
"groups": [
{
"id": 5,
"name": "group1",
"path": "group1",
"description": "",
"visibility": "public",
"lfs_enabled": false,
"avatar_url": null,
"web_url": "http://localhost/groups/group1",
"request_access_enabled": false,
"full_name": "group1",
"full_path": "group1",
"parent_id": null,
"ldap_cn": null,
"ldap_access": null
}
],
2020-03-13 15:44:24 +05:30
"protected_branches": [
{
"id": 1,
"name": "master",
"push_access_levels": [
{
"access_level": 30,
"access_level_description": "Developers + Maintainers"
}
],
"merge_access_levels": [
{
"access_level": 30,
"access_level_description": "Developers + Maintainers"
}
],
"unprotect_access_levels": [
{
"access_level": 40,
"access_level_description": "Maintainers"
}
],
"code_owner_approval_required": "false"
}
],
2019-12-04 20:38:33 +05:30
"contains_hidden_groups": false
2019-09-04 21:01:54 +05:30
}
```
2021-11-18 22:05:49 +05:30
You can increase the default number of 0 required approvers like this:
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
--header 'Content-Type: application/json' \
--data '{"name": "Any name", "rule_type": "any_approver", "approvals_required": 2}'
```
Another example is creating an additional, user-specific rule:
```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \
--header 'Content-Type: application/json' \
--data '{"name": "Name of your rule", "approvals_required": 3, "user_ids": [123, 456, 789]}' \
https://gitlab.example.com/api/v4/projects/<project_id>/approval_rules
```
2019-12-04 20:38:33 +05:30
### Update project-level rule
2021-03-11 19:13:27 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3.
> - Moved to GitLab Premium in 13.9.
2019-12-04 20:38:33 +05:30
2022-04-04 11:22:00 +05:30
WARNING:
The Vulnerability-Check feature, including the Vulnerability-Check attributes listed here, is in its
end-of-life process. It is [deprecated](../update/deprecations.md#vulnerability-check)
2022-06-21 17:19:12 +05:30
in GitLab 14.8, and is planned for removal in GitLab 15.0. Users should migrate to the new
2022-04-04 11:22:00 +05:30
[Security Approval Policies](../user/application_security/policies/#scan-result-policy-editor).
2019-12-04 20:38:33 +05:30
You can update project approval rules using the following endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-04 20:38:33 +05:30
PUT /projects/:id/approval_rules/:approval_rule_id
```
2021-04-17 20:07:23 +05:30
**Important:** Approvers and groups not in the `users`/`groups` parameters are **removed**
2019-12-04 20:38:33 +05:30
**Parameters:**
2020-03-13 15:44:24 +05:30
| Attribute | Type | Required | Description |
|------------------------|---------|----------|------------------------------------------------------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2020-03-13 15:44:24 +05:30
| `approval_rule_id` | integer | yes | The ID of a approval rule |
| `name` | string | yes | The name of the approval rule |
| `approvals_required` | integer | yes | The number of required approvals for this rule |
| `user_ids` | Array | no | The ids of users as approvers |
| `group_ids` | Array | no | The ids of groups as approvers |
2022-01-26 12:08:38 +05:30
| `protected_branch_ids` | Array | no | The IDs of protected branches to scope the rule by. To identify the ID, [use the API](protected_branches.md#list-protected-branches). |
2022-04-04 11:22:00 +05:30
| `scanners` | Array | no | The security scanners the Vulnerability-Check approval rule considers. The supported scanners are: `sast`, `secret_detection`, `dependency_scanning`, `container_scanning`, `dast`, `coverage_fuzzing`, `api_fuzzing`. Defaults to all supported scanners. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
| `severity_levels` | Array | no | The severity levels the Vulnerability-Check approval rule considers. The supported severity levels are: `info`, `unknown`, `low`, `medium`, `high`, `critical`. Defaults to `unknown`, `high`, and `critical`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
| `vulnerabilities_allowed` | integer | no | The number of vulnerabilities allowed for the Vulnerability-Check approval rule. Defaults to `0`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
| `vulnerability_states` | Array | no | The vulnerability states the Vulnerability-Check approval rule considers. The supported vulnerability states are: `newly_detected` (default), `detected`, `confirmed`, `resolved`, `dismissed`. Deprecated in GitLab 14.8, and planned for removal in GitLab 15.0. |
2019-12-04 20:38:33 +05:30
```json
{
"id": 1,
"name": "security",
"rule_type": "regular",
"eligible_approvers": [
{
"id": 2,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
},
{
"id": 50,
"name": "Group Member 1",
"username": "group_member_1",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/group_member_1"
}
],
"approvals_required": 1,
"users": [
{
"id": 2,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
}
],
"groups": [
{
"id": 5,
"name": "group1",
"path": "group1",
"description": "",
"visibility": "public",
"lfs_enabled": false,
"avatar_url": null,
"web_url": "http://localhost/groups/group1",
"request_access_enabled": false,
"full_name": "group1",
"full_path": "group1",
"parent_id": null,
"ldap_cn": null,
"ldap_access": null
}
],
2020-03-13 15:44:24 +05:30
"protected_branches": [
{
"id": 1,
"name": "master",
"push_access_levels": [
{
"access_level": 30,
"access_level_description": "Developers + Maintainers"
}
],
"merge_access_levels": [
{
"access_level": 30,
"access_level_description": "Developers + Maintainers"
}
],
"unprotect_access_levels": [
{
"access_level": 40,
"access_level_description": "Maintainers"
}
],
"code_owner_approval_required": "false"
}
],
2019-12-04 20:38:33 +05:30
"contains_hidden_groups": false
}
```
### Delete project-level rule
2021-03-11 19:13:27 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3.
> - Moved to GitLab Premium in 13.9.
2019-12-04 20:38:33 +05:30
You can delete project approval rules using the following endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-04 20:38:33 +05:30
DELETE /projects/:id/approval_rules/:approval_rule_id
```
**Parameters:**
| Attribute | Type | Required | Description |
|----------------------|---------|----------|-----------------------------------------------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2019-12-04 20:38:33 +05:30
| `approval_rule_id` | integer | yes | The ID of a approval rule
2022-04-04 11:22:00 +05:30
## Merge request-level MR approvals
2019-09-04 21:01:54 +05:30
2022-04-04 11:22:00 +05:30
Configuration for approvals on a specific merge request. Must be authenticated for all endpoints.
2019-09-04 21:01:54 +05:30
### Get Configuration
2021-11-18 22:05:49 +05:30
> Moved to GitLab Premium in 13.9.
2019-09-04 21:01:54 +05:30
You can request information about a merge request's approval status using the
following endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-09-04 21:01:54 +05:30
GET /projects/:id/merge_requests/:merge_request_iid/approvals
```
**Parameters:**
| Attribute | Type | Required | Description |
|---------------------|---------|----------|---------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2019-09-04 21:01:54 +05:30
| `merge_request_iid` | integer | yes | The IID of MR |
```json
{
"id": 5,
"iid": 5,
"project_id": 1,
"title": "Approvals API",
"description": "Test",
"state": "opened",
"created_at": "2016-06-08T00:19:52.638Z",
"updated_at": "2016-06-08T21:20:42.470Z",
"merge_status": "cannot_be_merged",
"approvals_required": 2,
"approvals_left": 1,
"approved_by": [
{
"user": {
"name": "Administrator",
"username": "root",
"id": 1,
"state": "active",
"avatar_url": "http://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80\u0026d=identicon",
2019-09-30 21:07:59 +05:30
"web_url": "http://localhost:3000/root"
2019-09-04 21:01:54 +05:30
}
}
2021-06-08 01:23:25 +05:30
]
2019-09-04 21:01:54 +05:30
}
```
### Change approval configuration
2021-11-18 22:05:49 +05:30
> Moved to GitLab Premium in 13.9.
2019-09-04 21:01:54 +05:30
If you are allowed to, you can change `approvals_required` using the following
endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-09-04 21:01:54 +05:30
POST /projects/:id/merge_requests/:merge_request_iid/approvals
```
**Parameters:**
| Attribute | Type | Required | Description |
|----------------------|---------|----------|--------------------------------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2019-09-04 21:01:54 +05:30
| `merge_request_iid` | integer | yes | The IID of MR |
2019-12-04 20:38:33 +05:30
| `approvals_required` | integer | yes | Approvals required before MR can be merged. Deprecated in 12.0 in favor of Approval Rules API. |
2019-09-04 21:01:54 +05:30
```json
{
"id": 5,
"iid": 5,
"project_id": 1,
"title": "Approvals API",
"description": "Test",
"state": "opened",
"created_at": "2016-06-08T00:19:52.638Z",
"updated_at": "2016-06-08T21:20:42.470Z",
"merge_status": "cannot_be_merged",
"approvals_required": 2,
"approvals_left": 2,
2019-12-04 20:38:33 +05:30
"approved_by": []
2019-09-04 21:01:54 +05:30
}
```
2019-12-04 20:38:33 +05:30
### Get the approval state of merge requests
2021-03-11 19:13:27 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13712) in GitLab 12.3.
> - Moved to GitLab Premium in 13.9.
2019-12-04 20:38:33 +05:30
You can request information about a merge request's approval state by using the following endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-04 20:38:33 +05:30
GET /projects/:id/merge_requests/:merge_request_iid/approval_state
```
2021-04-17 20:07:23 +05:30
The `approval_rules_overwritten` are `true` if the merge request level rules
are created for the merge request. If there are none, it is `false`.
2019-12-04 20:38:33 +05:30
This includes additional information about the users who have already approved
(`approved_by`) and whether a rule is already approved (`approved`).
**Parameters:**
| Attribute | Type | Required | Description |
|----------------------|---------|----------|---------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2019-12-04 20:38:33 +05:30
| `merge_request_iid` | integer | yes | The IID of MR |
```json
{
"approval_rules_overwritten": true,
"rules": [
{
"id": 1,
"name": "Ruby",
"rule_type": "regular",
"eligible_approvers": [
{
"id": 4,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
}
],
"approvals_required": 2,
"users": [
{
"id": 4,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
}
],
"groups": [],
"contains_hidden_groups": false,
"approved_by": [
{
"id": 4,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
}
],
"source_rule": null,
2020-04-22 19:07:51 +05:30
"approved": true,
"overridden": false
2019-12-04 20:38:33 +05:30
}
]
}
```
### Get merge request level rules
2021-03-11 19:13:27 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/13712) in GitLab 12.3.
> - Moved to GitLab Premium in 13.9.
2019-12-04 20:38:33 +05:30
You can request information about a merge request's approval rules using the following endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-04 20:38:33 +05:30
GET /projects/:id/merge_requests/:merge_request_iid/approval_rules
```
**Parameters:**
| Attribute | Type | Required | Description |
|---------------------|---------|----------|---------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2019-12-04 20:38:33 +05:30
| `merge_request_iid` | integer | yes | The IID of MR |
```json
[
{
"id": 1,
"name": "security",
"rule_type": "regular",
"eligible_approvers": [
{
"id": 5,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
},
{
"id": 50,
"name": "Group Member 1",
"username": "group_member_1",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/group_member_1"
}
],
"approvals_required": 3,
"source_rule": null,
"users": [
{
"id": 5,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
}
],
"groups": [
{
"id": 5,
"name": "group1",
"path": "group1",
"description": "",
"visibility": "public",
"lfs_enabled": false,
"avatar_url": null,
"web_url": "http://localhost/groups/group1",
"request_access_enabled": false,
"full_name": "group1",
"full_path": "group1",
"parent_id": null,
"ldap_cn": null,
"ldap_access": null
}
],
2020-04-22 19:07:51 +05:30
"contains_hidden_groups": false,
"overridden": false
2019-12-04 20:38:33 +05:30
}
]
```
2022-06-21 17:19:12 +05:30
### Get a single merge request level rule
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/82767) in GitLab 14.10.
You can request information about a single merge request approval rule using the following endpoint:
```plaintext
GET /projects/:id/merge_requests/:merge_request_iid/approval_rules/:approval_rule_id
```
**Parameters:**
| Attribute | Type | Required | Description |
|---------------------|---------|----------|------------------------------------------------------------------------------|
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). |
| `merge_request_iid` | integer | yes | The IID of a merge request. |
| `approval_rule_id` | integer | yes | The ID of an approval rule. |
```json
{
"id": 1,
"name": "security",
"rule_type": "regular",
"eligible_approvers": [
{
"id": 5,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
},
{
"id": 50,
"name": "Group Member 1",
"username": "group_member_1",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/group_member_1"
}
],
"approvals_required": 3,
"source_rule": null,
"users": [
{
"id": 5,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
}
],
"groups": [
{
"id": 5,
"name": "group1",
"path": "group1",
"description": "",
"visibility": "public",
"lfs_enabled": false,
"avatar_url": null,
"web_url": "http://localhost/groups/group1",
"request_access_enabled": false,
"full_name": "group1",
"full_path": "group1",
"parent_id": null,
"ldap_cn": null,
"ldap_access": null
}
],
"contains_hidden_groups": false,
"overridden": false
}
```
2019-12-04 20:38:33 +05:30
### Create merge request level rule
2021-03-11 19:13:27 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3.
> - Moved to GitLab Premium in 13.9.
2019-12-04 20:38:33 +05:30
You can create merge request approval rules using the following endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-04 20:38:33 +05:30
POST /projects/:id/merge_requests/:merge_request_iid/approval_rules
```
**Parameters:**
| Attribute | Type | Required | Description |
|----------------------------|---------|----------|------------------------------------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2019-12-04 20:38:33 +05:30
| `merge_request_iid` | integer | yes | The IID of MR |
| `name` | string | yes | The name of the approval rule |
| `approvals_required` | integer | yes | The number of required approvals for this rule |
| `approval_project_rule_id` | integer | no | The ID of a project-level approval rule |
| `user_ids` | Array | no | The ids of users as approvers |
| `group_ids` | Array | no | The ids of groups as approvers |
**Important:** When `approval_project_rule_id` is set, the `name`, `users` and
2021-04-17 20:07:23 +05:30
`groups` of project-level rule are copied. The `approvals_required` specified
is used.
2019-12-04 20:38:33 +05:30
```json
{
"id": 1,
"name": "security",
"rule_type": "regular",
"eligible_approvers": [
{
"id": 2,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
},
{
"id": 50,
"name": "Group Member 1",
"username": "group_member_1",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/group_member_1"
}
],
"approvals_required": 1,
"source_rule": null,
"users": [
{
"id": 2,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
}
],
"groups": [
{
"id": 5,
"name": "group1",
"path": "group1",
"description": "",
"visibility": "public",
"lfs_enabled": false,
"avatar_url": null,
"web_url": "http://localhost/groups/group1",
"request_access_enabled": false,
"full_name": "group1",
"full_path": "group1",
"parent_id": null,
"ldap_cn": null,
"ldap_access": null
}
],
2020-04-22 19:07:51 +05:30
"contains_hidden_groups": false,
"overridden": false
2019-12-04 20:38:33 +05:30
}
```
### Update merge request level rule
2021-03-11 19:13:27 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3.
> - Moved to GitLab Premium in 13.9.
2019-12-04 20:38:33 +05:30
You can update merge request approval rules using the following endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2020-03-13 15:44:24 +05:30
PUT /projects/:id/merge_requests/:merge_request_iid/approval_rules/:approval_rule_id
2019-12-04 20:38:33 +05:30
```
2021-04-17 20:07:23 +05:30
**Important:** Approvers and groups not in the `users`/`groups` parameters are **removed**
2019-12-04 20:38:33 +05:30
**Important:** Updating a `report_approver` or `code_owner` rule is not allowed.
These are system generated rules.
**Parameters:**
| Attribute | Type | Required | Description |
|----------------------|---------|----------|------------------------------------------------|
2022-06-21 17:19:12 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding). |
| `merge_request_iid` | integer | yes | The IID of a merge request. |
| `approval_rule_id` | integer | yes | The ID of an approval rule. |
| `name` | string | yes | The name of the approval rule. |
| `approvals_required` | integer | yes | The number of required approvals for this rule. |
| `user_ids` | Array | no | The IDs of users as approvers. |
| `group_ids` | Array | no | The IDs of groups as approvers. |
2019-12-04 20:38:33 +05:30
```json
{
"id": 1,
"name": "security",
"rule_type": "regular",
"eligible_approvers": [
{
"id": 2,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
},
{
"id": 50,
"name": "Group Member 1",
"username": "group_member_1",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/group_member_1"
}
],
"approvals_required": 1,
"source_rule": null,
"users": [
{
"id": 2,
"name": "John Doe",
"username": "jdoe",
"state": "active",
"avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
"web_url": "http://localhost/jdoe"
}
],
"groups": [
{
"id": 5,
"name": "group1",
"path": "group1",
"description": "",
"visibility": "public",
"lfs_enabled": false,
"avatar_url": null,
"web_url": "http://localhost/groups/group1",
"request_access_enabled": false,
"full_name": "group1",
"full_path": "group1",
"parent_id": null,
"ldap_cn": null,
"ldap_access": null
}
],
2020-04-22 19:07:51 +05:30
"contains_hidden_groups": false,
"overridden": false
2019-12-04 20:38:33 +05:30
}
```
### Delete merge request level rule
2021-03-11 19:13:27 +05:30
> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/11877) in GitLab 12.3.
> - Moved to GitLab Premium in 13.9.
2019-12-04 20:38:33 +05:30
You can delete merge request approval rules using the following endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-12-04 20:38:33 +05:30
DELETE /projects/:id/merge_requests/:merge_request_iid/approval_rules/:approval_rule_id
```
**Important:** Deleting a `report_approver` or `code_owner` rule is not allowed.
These are system generated rules.
**Parameters:**
| Attribute | Type | Required | Description |
|---------------------|---------|----------|---------------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2021-09-04 01:27:46 +05:30
| `merge_request_iid` | integer | yes | The IID of the merge request |
| `approval_rule_id` | integer | yes | The ID of an approval rule |
2019-12-04 20:38:33 +05:30
2022-04-04 11:22:00 +05:30
## Approve merge request
2019-09-04 21:01:54 +05:30
2021-11-18 22:05:49 +05:30
> Moved to GitLab Premium in 13.9.
2019-09-04 21:01:54 +05:30
If you are allowed to, you can approve a merge request using the following
endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-09-04 21:01:54 +05:30
POST /projects/:id/merge_requests/:merge_request_iid/approve
```
**Parameters:**
| Attribute | Type | Required | Description |
|---------------------|---------|----------|-------------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2021-09-04 01:27:46 +05:30
| `merge_request_iid` | integer | yes | The IID of the merge request |
| `sha` | string | no | The `HEAD` of the merge request |
2021-11-11 11:23:49 +05:30
| `approval_password` | string | no | Current user's password. Required if [**Require user password to approve**](../user/project/merge_requests/approvals/settings.md#require-user-password-to-approve) is enabled in the project settings. |
2019-09-04 21:01:54 +05:30
The `sha` parameter works in the same way as
2022-04-04 11:22:00 +05:30
when [accepting a merge request](merge_requests.md#merge-a-merge-request): if it is passed, then it must
2019-09-04 21:01:54 +05:30
match the current HEAD of the merge request for the approval to be added. If it
2021-04-17 20:07:23 +05:30
does not match, the response code is `409`.
2019-09-04 21:01:54 +05:30
```json
{
"id": 5,
"iid": 5,
"project_id": 1,
"title": "Approvals API",
"description": "Test",
"state": "opened",
"created_at": "2016-06-08T00:19:52.638Z",
"updated_at": "2016-06-09T21:32:14.105Z",
"merge_status": "can_be_merged",
"approvals_required": 2,
"approvals_left": 0,
"approved_by": [
{
"user": {
"name": "Administrator",
"username": "root",
"id": 1,
"state": "active",
"avatar_url": "http://www.gravatar.com/avatar/e64c7d89f26bd1972efa854d13d7dd61?s=80\u0026d=identicon",
2019-09-30 21:07:59 +05:30
"web_url": "http://localhost:3000/root"
2019-09-04 21:01:54 +05:30
}
},
{
"user": {
"name": "Nico Cartwright",
"username": "ryley",
"id": 2,
"state": "active",
"avatar_url": "http://www.gravatar.com/avatar/cf7ad14b34162a76d593e3affca2adca?s=80\u0026d=identicon",
2019-09-30 21:07:59 +05:30
"web_url": "http://localhost:3000/ryley"
2019-09-04 21:01:54 +05:30
}
}
2021-06-08 01:23:25 +05:30
]
2019-09-04 21:01:54 +05:30
}
```
2022-04-04 11:22:00 +05:30
## Unapprove merge request
2019-09-04 21:01:54 +05:30
2021-11-18 22:05:49 +05:30
> Moved to GitLab Premium in 13.9.
2019-09-04 21:01:54 +05:30
If you did approve a merge request, you can unapprove it using the following
endpoint:
2020-04-08 14:13:33 +05:30
```plaintext
2019-09-04 21:01:54 +05:30
POST /projects/:id/merge_requests/:merge_request_iid/unapprove
```
**Parameters:**
| Attribute | Type | Required | Description |
|---------------------|---------|----------|---------------------|
2021-09-30 23:02:18 +05:30
| `id` | integer or string | yes | The ID or [URL-encoded path of a project](index.md#namespaced-path-encoding) |
2021-09-04 01:27:46 +05:30
| `merge_request_iid` | integer | yes | The IID of a merge request |