Read Anthropic’s case study about Graphite Reviewer

How to enforce pull request reviewers in GitHub

Sara Verdi
Sara Verdi
Graphite software engineer


Note

This guide explains this concept in vanilla Git. For Graphite documentation, see our CLI docs.


GitHub PR reviewer policies provide a flexible framework for teams to implement review processes that suit their specific needs and workflows. In this guide, we’ll walk through how to enforce pull request reviewers in GitHub, configuring GitHub PR reviewer rules, how to require reviewers in GitHub, and how to set up GitHub pull request approval rules.

Branch protection rules in GitHub allow you to enforce specific policies, such as requiring PR reviewers before code is merged into a branch. These rules ensure that the codebase maintains a certain level of quality by enforcing PR review policies at the branch level.

To enforce GitHub PR reviewer rules, start by setting up branch protection rules on the target branch (typically the main branch). We have a more in-depth guide on setting up branch protection rules here. But to enforce reviewers, follow these steps:

  1. Go to your repository’s settings:

Navigate to the repository for which you want to set up enforcement. Click on the "Settings" tab at the top.

  1. Access branch protection rules:

Scroll down to the "Branches" section on the left-hand menu. Under "Branch protection rules," click "Add rule."

  1. Specify the branch:

In the "Branch name pattern" field, enter the branch name you want to protect (for example, main or development).

  1. Enforce pull request reviewers:

Check the box labeled "Require pull request reviews before merging." This is the key option to enforce pull request reviewers in GitHub. You can also specify how many reviewers are required for a PR to be approved. For example, you might enforce that at least 2 reviewers approve the PR before merging.

  1. Optional: Enforce review by code owners:

You can check the box for "Require review from Code Owners" if you want to ensure specific reviewers (e.g., team leads or senior developers) must approve the PR. This option enforces reviewer policies in GitHub, ensuring that particular people review the PR based on ownership defined in the CODEOWNERS file.

  1. Save the branch protection rule:

Click "Create" or "Save" to apply the rule.

GitHub also allows you to configure additional rules around PR approvals. These rules can help enforce stricter policies or add flexibility where needed.

  • Dismiss stale pull request approvals when new commits are pushed:

If enabled, this setting will automatically invalidate previous PR approvals if new commits are added to the branch. This ensures that every reviewer looks at the latest changes, reinforcing GitHub pull request approval rules.

  • Require a passing status check:

Enforcing status checks means that tests or other automated tools must pass before a PR can be merged. While this setting isn’t directly related to reviewers, it works hand-in-hand with your GitHub reviewer rules to ensure code quality.

While GitHub offers solid enforcement for pull request reviewer rules, Graphite Protections further enhances these capabilities by automating rule enforcement across multiple repositories and providing detailed insights into your PR workflow.

With Graphite Protections, you can:

  • Enforce consistent reviewer policies across at the directory level allowing for more flexibility across monoreops.
  • Automate stale review dismissals and other advanced policies to make sure the latest code is always reviewed.
  • Track PR compliance with detailed reporting to ensure rules are followed across teams.

This makes Graphite Protections a great option for teams looking to scale PR reviewer enforcement effortlessly.

Here’s how the process of enforcing PR reviewers might look in a real-world scenario:

  1. A developer opens a pull request to merge changes into the main branch.
  2. GitHub checks for branch protection rules and automatically assigns reviewers according to the CODEOWNERS file.
  3. Two reviewers approve the pull request, as required by the branch protection rule.
  4. Before merging, the developer adds one more commit.
  5. Because "Dismiss stale pull request approvals" is enabled, the previous approvals are dismissed, and the reviewers must approve the new changes.
  6. Once the reviewers approve the updated PR and all status checks pass, the code can be merged into the main branch.

By following the steps outlined in this guide, you can effectively enforce pull request reviewers in GitHub and implement strong GitHub pull request approval rules. Leveraging tools like branch protection rules, the CODEOWNERS file, and options such as dismissing stale reviews ensures that your code review process remains thorough and consistent.

For teams managing multiple repositories or those who need deeper control, Graphite Protections can further streamline and automate PR reviewer enforcement. It provides centralized rule enforcement, advanced review automation, and actionable insights, allowing you to scale your reviewer policies efficiently across your organization while maintaining code quality at every level.

Graphite
Git stacked on GitHub

Stacked pull requests are easier to read, easier to write, and easier to manage.
Teams that stack ship better software, faster.

Or install our CLI.
Product Screenshot 1
Product Screenshot 2