GitHub - block merge PR by committers

You need to be able to

prevent the person that is involved in PR (create PR or make a commit) to be able to merge PR (or even approve it)

A contributor who has created a PR cannot approve or request changes by default in GitHub, so that is already taken care of.

Since a Pull Request is a GitHub feature, a PR merge can currently only be blocked by 2 ways

  • Using GitHub's settings
  • Using pre-receive hooks (only for GitHub Enterprise)

Using GitHub's settings, you can only block merging by requiring either pull request reviews, status checks to pass, signed commits or linear history as shown under the branch protection settings.

enter image description here

or by allowing merge commits, squash merging or rebase merging as shown in the Merge button section under repo settings

enter image description here

If you are on GitHub Enterprise, you can use a pre-receive hook (documentation) like below and ensure that self merging PRs are blocked (This eg is here)

if [[ "$GITHUB_VIA" = *"merge"* ]] && [[ "$GITHUB_PULL_REQUEST_AUTHOR_LOGIN" = "$GITHUB_USER_LOGIN" ]]; then
    echo "Blocking merging of your own pull request."
    exit 1
fi

exit 0

Apart from the above, there is no other way currently to block self merging PRs on GitHub. And using CircleCI or any other CI workflow can only block merging for everybody(if you opt for the requirement of status checks on GitHub) or nobody, as it can't control the PR merge button.


I've built an Action to provide this; should work on GitHub.com, GHEC, and GHES: https://github.com/marketplace/actions/dismiss-code-reviews-from-collaborators

As always, Issues & PRs are welcomed: https://github.com/peckjon/reject-pr-approval-from-committer


Greeting! The short answer is no. Now the longer answer! GitHub supports enabling master branch protection. This can help you enforce all kinds of rules like:

  • All PRs must have a code review before being merged
  • The reviewers of the code need to be an admin
  • The reviewers of the code need to be in a CODEOWNERS file
  • A subset of status checks all need to pass

For all of these rules, the assumption is that once they've been satisfied, anyone with write access to the repository can merge the PR. I'm curious - in what situation do you want to prevent that?

Now onto the bad ideas. If this was super important - you could take the drastic step of ensuring no human is responsible for merging PRs :) You could add a codeowner that is mapped to a robot account, ensuring that robot account performs an approval before the PR can merge. To that end, you could write logic in a custom GitHub action that's triggered on PR events to determine if the PR should be merged, and auto-merge it if all appropriate conditions are met.

I'm curious - why is this something you wanna do?