---
title: "Pull Request Governance"
type: concept
tags: ["git", "code-review", "workflow", "delivery-traceability"]
last_updated: 2026-04-25
---

## Definition

Pull Request Governance (PR governance) is a workflow standard that protects the quality of branch merges through standardized PR templates, security review requirements, risk records, and a mandatory review process.

## Mandatory PR Scenarios

Merges in the following scenarios **must** go through PR review:

- Merging into `main`
- Merging into `release/*`
- Large refactors
- Critical infrastructure changes
- Changes touching authentication, authorization, infrastructure, or sensitive data handling

## PR Template Structure

The standard PR template contains:

```markdown
## What does this PR do?
Implements **JIRA-214** by adding the SSO login flow...

## Jira Link
- Ticket: JIRA-214
- Branch: feature/JIRA-214-add-sso-login

## Change Summary
- Add SSO callback controller and provider wiring
- Add regression coverage for expired refresh tokens
- Document the new login setup path

## Risk and Security Review
- Auth flow touched: yes
- Secret handling changed: no
- Rollback plan: revert the branch and disable the provider flag

## Testing
- Unit tests: passed
- Integration tests: passed in staging
- Manual verification: login and logout flow verified in staging
```

## Security Discipline

- **No secrets in PR**: credentials, tokens, and customer data must never appear in the PR title, description, or diff
- **Explicit validation scope**: state clearly which parts were tested and which were not
- **Security review mandatory**: changes to authentication, authorization, infrastructure, or sensitive data handling must pass a security review

## Rollback Readiness

Every PR must include a rollback plan that keeps the rollback low-risk and low-impact.

## Sources

- [[project-management-jira-workflow-steward]]