Code Review
GitHub code review turns a PR diff into a structured conversation with formal states, line-level threads, and committable suggestions. It is the mechanism that gates whether a change merges, so the review states are not just opinions — under branch protection they decide what lands.
The features that make review effective are the ones that batch feedback, make changes one click to apply, and keep approvals honest as the branch moves. Skip them and review degrades into a stream of notification emails and rubber-stamp approvals.
Review States
A review is submitted as one of three states: Comment leaves feedback without a verdict, Approve signals the change is good to merge, and Request changes blocks it. Under branch protection a single Request changes can hold the merge button until that reviewer explicitly re-reviews.
That stickiness is the point and the trap. Request changes does not clear itself when the author pushes a fix — the blocking reviewer has to come back and re-review, so leaving one before disappearing stalls the PR indefinitely.
Review Threads
Comments attach to a line or a range of lines and form threads that can be resolved once addressed. The key habit is to "Start a review" so comments batch into one submission, rather than firing each comment individually and sending the author a separate notification per line.
Resolving threads explicitly is what makes the unresolved count meaningful. When every addressed thread is marked resolved, the remaining count is real outstanding work, not a mix of done and not-done that no one trusts.
Suggested Changes
A suggestion block proposes exact replacement code that the author commits with one click, and multiple suggestions can be batched into a single commit. It is the difference between "this should be 5, not 3" — which the author has to translate into an edit — and a change they apply directly.
For any concrete code change, a suggestion is strictly better than prose: it removes the chance of the author mis-applying the edit and it records the reviewer's exact intent in the diff.
Re-review and Stale Approvals
After an author addresses feedback, they request a re-review to pull the reviewer back in. When "dismiss stale approvals" is configured, a new push automatically invalidates prior approvals, so the version that merges is the version that was actually approved.
Without that setting, a PR approved at commit A can merge with a later commit B that no one reviewed. The stale-approval dismissal closes exactly that gap between what was approved and what lands.
Review Assignment
A CODEOWNERS file auto-requests the right reviewers based on which paths a PR touches, so the correct people are pulled in without the author having to remember them. Teams can be assigned with round-robin or load-balancing so review work spreads evenly, and a required-reviewer count enforces how many approvals a merge needs.
- Submitting each comment individually instead of "Start a review," so the author gets ten separate notification emails for one review pass.
- Approving a PR you only skimmed because CI is green, when green checks test behavior, not whether the design is right.
- Leaving Request changes on a PR then going on vacation, so the merge stays blocked until you explicitly re-review even after the author fixes everything.
- Writing prose like "this should be 5 not 3" instead of a
suggestionblock, forcing the author to hand-edit instead of committing in one click. - Not enabling "dismiss stale approvals," so a PR approved at commit A merges with an unreviewed commit B.
- Use "Start a review" to batch all comments into one submission with a single notification.
- Leave committable
suggestionblocks for any concrete code change so the author applies them in one click. - Enable "Dismiss stale pull request approvals when new commits are pushed" in branch protection.
- Set up
CODEOWNERSso the right reviewers are auto-requested instead of relying on authors to remember. - Resolve review threads explicitly so the unresolved count reflects real outstanding work.
Knowledge Check
Why is Request changes stickier than a plain Comment?
- Under branch protection it blocks merge until that reviewer explicitly re-reviews, even after the author fixes everything
- It fires off a separate notification email to the author for every single inline thread it contains, far more mail than a plain comment ever generates
- It cannot be resolved by the author at all, even after every single thread on the diff has been addressed and replied to
- It automatically closes the pull request the instant the verdict is submitted, with no way to reopen it
What does "dismiss stale approvals when new commits are pushed" protect against?
- A PR approved at one commit merging with a later, unreviewed commit added afterward
- Two different reviewers happening to approve the very same pull request at the same moment, which it then collapses into one
- Approvals coming from people who are not listed in the repository's CODEOWNERS file for the changed paths
- A reviewer approving their own pull request to bypass the review requirement entirely
Why is green CI not a substitute for a real review?
- Green checks test that the behavior works, not whether the design is right
- CI only ever runs on the base branch, never on the PR branch itself
- A green run automatically dismisses every prior approval on the PR
- CI cannot start running until at least one reviewer has approved the change
What is the benefit of "Start a review" over submitting each comment individually?
- All comments batch into one submission with a single notification instead of one email per line
- It lets you both approve the PR and request changes on it within one and the same review submission
- It hides your inline comments from every other reviewer right up until the moment the PR actually merges
- It automatically converts each prose comment you write into a committable suggestion block the author can apply
You got correct