I want to be able to configure my repository so that changes require merge requests, and that merge requests can only be approved by a select list of approvers.
However, I want to make it so that approvers who submit merge requests can be approved by anyone. I do not want approvers to be able to self-approve.
How can I set up Gitlab to do this? All I’ve been able to do so far is to request that approvers find another approver to approve their work, or enable self-approve.
Hi @mgaunard
In your project Settings → General there are 2 sections dedicated to Merge Requests. You can setup Approval rules as well as restrict self-approve there.
In Settings → Repository you can also set branch as Protected (enabled by default on Default branch) and select who can Push to it. This will force everyone to use MRs.
@balonik please read my message carefully, you can see I specifically said I already know how to use self-approve, and that it is not what I want.
Also I don’t work with gitlab through menus, I use the API.
@mgaunard please read my message carefully, you can see I have already told you where you can enable/disable self-approve in UI. Here is API Merge request approvals API | GitLab for Merge request approvals.
For extra info, it seems approval rules is premium and higher, so won’t be available for free users: Merge request approval rules | GitLab
I don’t have it on mine, but then I don’t have premium 
@balonik I don’t know how to interact with someone that refuses to read what I wrote. I have no interest in instructions on how to enable/disable self-approve. I already know how to do this, it’s trivial.
@iwalker I do use a premium version of Gitlab.
To make sure I understand the question correctly:
If that means that no one should be allowed to push to the main default branch: Use protected branches, and set the default branch to no one can push and also no one can force push.
Suggest using CODEOWNERS that specify the user or group list, and are enforced by approval rules. Or, if CODEOWNERS is too much, start with approval rules and selected users.
This is the part I don’t fully understand. If someone is in the list of approvers, all users in the project should be able to approve their merge request. Wouldn’t that be a trust problem when everyone can approve, and not the specified list of approvers? Maybe there is an example that can help understand the requirements better.
Required approvals do take a minimum number into account, but I don’t think that one can be separated between approvers as MR authors (everyone) and everyone (only approvers). Suggest opening a feature proposal to discuss.
An alternative route can be to elect more eligible approvers from multiple groups, and have more broad approval rules so that everyone can review each other. This requires trust and documentation.
This can be specified within the approval settings, Merge request approval settings | GitLab either for the author, or even for all users adding commits to the MR too.
General thought: I read that the API is being used; understanding and explaining the concepts work better with the main feature documentation in my experience. From there, one can investigate the API endpoints documentation needed to achieve the different steps.