Skip to main content

Approving pull request builds

Abstract

You have the option of requiring manual approval for Bitrise builds started by pull requests if the app contains exposed Secrets. This option cannot be deactivated for public apps.

Not all pull requests need to be built. After all, for most projects, anyone can create a fork of the repository and submit a pull request. However, if an app on Bitrise is set up with Secrets that are exposed for pull request builds, for example, then you probably don’t want just anyone to be able to access those secrets.

That is why you have the option to require approval for a pull request build before it can start. This feature works somewhat differently for public and private apps:

  • Private apps: by default, pull requests submitted from a fork require approval. The setting can be changed. If your secrets are NOT exposed to PRs, the build will run without asking for approval.

  • Public apps: pull requests submitted from a fork require approval by default and it cannot be changed. Public apps CANNOT opt out of this feature.

Enabling manual approval for private apps

To enable or disable manual approval, you need to be an Admin or an Owner on the application’s team. The application MUST be private: public apps cannot opt out of this feature!

Admin access only

Only users with the role of admin on the app's team can access all functions of the App Settings page of an app.

  1. Open your app on Bitrise.

  2. On the main page of the app, click on the App Settings icon: settings.svg.

    app-settings.png
  3. On the left, select Builds.

  4. Scroll down to Manual build approval.

    Approving Pull Request builds

    Please note that you can only change this setting for private apps! For public apps, this is always enabled.

  5. Toggle the switch to enable or disable it.

    By default, it is set to disabled.

Approving the PR build

Approving the PR build

Please note that approving a PR build means approving it on Bitrise. Approving a pull request on GitHub, for example, isn't sufficient to start a build on Bitrise: an owner has to approve the build on Bitrise itself.

If a pull request is submitted from a fork, you will be notified that a PR build is waiting for approval:

  • A notification email will be sent with the name of the app, as well as links to the repository itself and to the app’s Builds page on Bitrise.

  • On the Git provider, the status of the CI check will show Pending - Waiting for approval

  • On the Builds page of the app, a confirmation box will be displayed.

    Approving Pull Request builds

To approve and run the build, click the Approve and Run Build button. Clicking Review opens the pull request on the website of your Git provider.