At GitHub, we’ve always felt that you should be able to open a pull request to start a conversation with your collaborators as soon as your brilliant idea or code is ready to take shape. Even if you end up closing the pull request for something else, or refactoring the code entirely, a good pull request is as much about collaboration as it is about code.
But what if you want to signal that a pull request is just the start of the conversation and your code isn’t in any state to be judged? Perhaps the code is for a hackathon project. You have no intention of ever merging it, but you’d still like people to check it out locally and give you feedback. Or perhaps you’ve opened a pull request without any code at all in order to get the discussion started.
With draft pull requests, you can clearly tag when you’re coding a work in progress. Now when you open a pull request, a dropdown arrow appears next to the “Create pull request” button. Toggle the dropdown arrow whenever you want to create a draft instead.
A draft pull request is styled differently to clearly indicate that it’s in a draft state. Merging is blocked in draft pull requests. Change the status to “Ready for review” near the bottom of your pull request to remove the draft state and allow merging according to your project’s settings. Also, if you have a CODEOWNERS file in your repository, a draft pull request will suppress notifications to those reviewers until it is marked as ready for review.
Draft pull requests are ready for your code in public and open source repositories, as well as in private repositories for groups using GitHub Team and Enterprise Cloud.