Validation in FlexReview
Validation enhances code reviews by validating the required approvals based on the defined ownership of the code and selectively dismisses reviewers based on code changes.
Last updated
Was this helpful?
Validation enhances code reviews by validating the required approvals based on the defined ownership of the code and selectively dismisses reviewers based on code changes.
Last updated
Was this helpful?
FlexReview Validation applies a status check on GitHub that represents the validation criteria to merge a PR. If the status check is successful (it turns green) it means that the required amount of approvals have been met, otherwise it may be in a pending state (it’s still waiting for reviews) or a failed state (there have been changes requested). This status check can then be enforced as a required check for merging.
FlexReview improves upon the traditional code review approval process by using custom ownership rules while also allowing for smart dismissal of approvals based on the modifications in a given commit. These validation rules are enforced for every commit in a PR and includes a “break glass” override in case of emergencies.
Validation ensures that:
Approvals are applied dynamically based on definitions.
Reviewers are dismissed selectively based on diff changes rather than revoking all approvals indiscriminately on each commit.
Slack notifications are sent when approvals are dismissed or overridden.
When using FlexReview Validation, you should move your Codeowners file to an Aviator Owners file to avoid GitHub overriding the validation settings. The Aviator Owners file is compatible with Codeowners, which means your reviewer requirements in Codeowners will be easily replicated in Aviator’s Custom Ownership model.
In addition, FlexReview also introduces concepts of that can help reduce the burden on the reviewers and authors. FlexReview Validation can be used without applying recursive ownership.
GitHub provides an option to "Dismiss stale pull request approvals when new commits are pushed," but this can lead to unnecessary re-approvals from all reviewers even if only a small part of the code is changed. FlexReview’s Validation refines this process by:
Identifying what changes have been made in the new commits.
Dismissing only the approvals of reviewers whose owned files have changed.
Keeping approvals intact for files that remain unchanged.
This approach minimizes redundant review requests while ensuring necessary approvals are always in place. Changes are determined on a per-commit basis - when a user approves a pull request, their approval is stored as an approval of the changes made in their owned files for that particular commit. When additional commits are made, the diff between these changes and the last approved commit are calculated for each approver. If there are any changes, that user’s approval is dismissed and they are notified to re-review.
FlexReview applies smart validation in different ways based on what changes have been made.
Merging in the base branch
No new approvals are required if no new changes are introduced.
If a merge conflict occurred, these will be detected as a code change and some approvals may be reset.
Files added or changed
Approvals are dismissed selectively.
File deleted
Approval from the given file owner is dismissed.
Base branch changes:
If the new base branch is also configured for FlexReview Validation, all approvals are dismissed.
If the new branch is not configured for FlexReview Validation, approvals will not be dismissed.
If stacked PRs are created without using aviator CLI, they are considered independent changes and the validation workflow may will be applied as described above.
Standard Flow
A pull request is not yet fully approved by all required reviewers.
A user posts a “breakglass” comment on the PR.
A different user approves the PR.
The PR is now eligible for merge.
Self-Approval Issued After Breakglass
The same user who posted the breakglass comment attempts to approve the PR.
Their approval does not count toward the required approvals.
The PR cannot be merged.
New Commit After Approval
A user approves the PR after the breakglass comment is issued.
A new commit is pushed to the PR before it is merged:
If the commit is a rebase or does not change code:
The previous approval still holds
The PR can be merged.
If the commit introduces actual code changes:
The previous approval is invalidated.
The PR cannot be merged without re-approval.
Breakglass is Issued After PR Is Mergeable
The PR is already eligible to be merged before a breakglass comment is added.
The breakglass comment has no impact.
The PR remains mergeable.
GitHub’s "dismiss all approvals on push" rule is unnecessary with Validation, as FlexReview will dismiss approvals by comparing diffs at the per-file and per-commit level. This is done by:
Taking a diff of the base commit SHA and the head commit SHA for each file.
Evaluating if there are changes between the last approved commit for that file and the latest commit.
Dismissing the user approvals that have been invalidated while keeping all other approvals intact.
This ensures that approvals remain relevant and accurate throughout the PR lifecycle.
If using and this PR was part of a stack, new approvals will be calculated based on the target branch instead of the base branch and approvals will be selectively dismissed.