| title | type | tags | last_updated |
|---|---|---|---|
| Pull Request Governance | concept | | 2026-04-25 |
Definition
Pull Request Governance (PR governance) is the workflow discipline that protects the quality of branch merges through standardized PR templates, security review requirements, risk documentation, and a mandatory review process.
Mandatory PR Scenarios
Merges in the following scenarios must go through PR review:
- Merges into main
- Merges into release/*
- Large refactors
- Critical infrastructure changes
- Changes touching authentication, authorization, infrastructure, or sensitive-data handling
PR Template Structure
The standard PR template contains:
## What does this PR do?
Implements **JIRA-214** by adding the SSO login flow...
## Jira Link
- Ticket: JIRA-214
- Branch: feature/JIRA-214-add-sso-login
## Change Summary
- Add SSO callback controller and provider wiring
- Add regression coverage for expired refresh tokens
- Document the new login setup path
## Risk and Security Review
- Auth flow touched: yes
- Secret handling changed: no
- Rollback plan: revert the branch and disable the provider flag
## Testing
- Unit tests: passed
- Integration tests: passed in staging
- Manual verification: login and logout flow verified in staging
Security Discipline
- No secrets in PR: credentials, tokens, and customer data must never appear in the PR title, description, or diff
- Explicit validation scope: state clearly which parts were tested and which were not
- Security review mandatory: changes to authentication, authorization, infrastructure, or sensitive-data handling must go through security review
Rollback Readiness
Every PR must include a rollback plan, and the rollback must be low-risk and low-impact.
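As an added example that is not part of this page or of any project's own tooling, the following Python check enforces the template structure, the security discipline, and the rollback requirement above on a PR's metadata: it parses the `## ` sections of the body, requires every template section and a non-empty rollback plan, requires yes/no answers in the risk section, rejects secret-shaped strings in the title or description, and reports whether PR review (target branch main or release/*) and security review (auth flow or secret handling touched) are required. The sample PR bodies, ticket numbers, branch names, and secret patterns are constructed for illustration; the key-shaped value in the bad sample is the well-known AWS documentation example id, not a real credential.

```python
import re

# Section headings of the PR template described on this page.
REQUIRED_SECTIONS = ("What does this PR do?", "Jira Link", "Change Summary",
                     "Risk and Security Review", "Testing")
# Branches whose merges must always go through PR review (main and release/*).
PROTECTED_BRANCH = re.compile(r"^(main|release/.+)$")
# Secret-shaped strings that must never appear in a PR title or description.
# These patterns are an illustrative assumption, not an exhaustive detector.
SECRET_PATTERNS = (
    ("AWS access key id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private key block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("bearer token", re.compile(r"(?i)\bbearer\s+[a-z0-9._\-]{20,}")),
    ("credential assignment",
     re.compile(r"(?i)\b(password|passwd|api[_-]?key|secret)\s*[:=]\s*\S{8,}")),
)

def parse_sections(body):
    """Split a markdown PR body into {heading: text} on its '## ' headings."""
    sections, current = {}, None
    for line in body.splitlines():
        if line.startswith("## "):
            current = line[3:].strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return {name: "\n".join(lines).strip() for name, lines in sections.items()}

def parse_fields(section_text):
    """Turn '- Key: value' bullet lines into {key: value}."""
    matches = (re.match(r"^\s*-\s*([^:]+?)\s*:\s*(.*)$", line)
               for line in section_text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def find_secret_leaks(text):
    """Labels of the secret patterns that match anywhere in the text."""
    return [label for label, pat in SECRET_PATTERNS if pat.search(text)]

def pr_review_required(target_branch):
    """Merges into main or release/* always require PR review."""
    return PROTECTED_BRANCH.match(target_branch) is not None

def security_review_required(risk_fields):
    """Auth-flow or secret-handling changes trigger mandatory security review."""
    return any(risk_fields.get(key, "").lower() == "yes"
               for key in ("Auth flow touched", "Secret handling changed"))

def check_pr(target_branch, title, body):
    """Evaluate one PR; an empty 'findings' list means the template rules hold."""
    sections = parse_sections(body)
    findings = [f"missing or empty section: {name}"
                for name in REQUIRED_SECTIONS if not sections.get(name)]
    risk = parse_fields(sections.get("Risk and Security Review", ""))
    for key in ("Auth flow touched", "Secret handling changed"):
        if risk.get(key, "").lower() not in ("yes", "no"):
            findings.append(f"risk field must be yes/no: {key}")
    if not risk.get("Rollback plan"):
        findings.append("rollback plan is missing")
    for label in find_secret_leaks(title + "\n" + body):
        findings.append(f"possible secret in PR title/description: {label}")
    return {"findings": findings,
            "pr_review_required": pr_review_required(target_branch),
            "security_review_required": security_review_required(risk)}

# Constructed sample PRs (not real tickets, branches or credentials).
GOOD_TITLE = "JIRA-214: add SSO login flow"
GOOD_BODY = """## What does this PR do?
Implements **JIRA-214** by adding the SSO login flow.
## Jira Link
- Ticket: JIRA-214
## Change Summary
- Add SSO callback controller and provider wiring
## Risk and Security Review
- Auth flow touched: yes
- Secret handling changed: no
- Rollback plan: revert the branch and disable the provider flag
## Testing
- Unit tests: passed
"""
# Leaks a key-shaped value (the AWS documentation example id, not a real key),
# answers a yes/no field with "maybe" and omits the rollback plan.
BAD_TITLE = "hotfix: staging login"
BAD_BODY = """## What does this PR do?
Quick fix; verify with AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE in staging.
## Jira Link
- Ticket: JIRA-999
## Change Summary
- Bump the provider client
## Risk and Security Review
- Auth flow touched: yes
- Secret handling changed: maybe
## Testing
- Unit tests: passed
"""

if __name__ == "__main__":
    print(check_pr("main", GOOD_TITLE, GOOD_BODY))
    print(check_pr("release/2026.04", BAD_TITLE, BAD_BODY))
```

The check reads only PR metadata, so it complements rather than replaces diff scanning for secrets; a CI job would run it on the PR event and block the merge while `findings` is non-empty, and route the PR to a security reviewer when `security_review_required` is true.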