Skip to content

[merge approvals] CODEOWNERS not immediately enforced on merge requests if Sidekiq is backed up

Summary

If Sidekiq is really backed up, tasks in the merge_request_sync_code_owner_approval_rules queue (which as far as I can tell apply approval rules based on CODEOWNERS) can take some time to run, resulting in MRs which should require approval to be in a mergable state.

Steps to reproduce

  1. In a project on a GitLab EE instance that has a branch protected by a CODEOWNERS file, create a branch that modifies a file protected by CODEOWNERS
  2. Log in to the GitLab instance, and send SIGSTOP to all sidekiq processes to simulate backed-up worker processes.
  3. Create an MR using the branch created in the first step.
  4. Note that the MR says that "approval is optional"
  5. Send SIGCONT to all sidekiq processes
  6. Note that the MR is updated to require approvals.

Example Project

N/A

What is the current bug behavior?

A merge request that should require approvals is mergeable without approvals.

What is the expected correct behavior?

There are definitely a few possible approaches here - IMO, the right one would be to make sure all new MRs bound for CODEOWNERS-protected branches (as well as branches protected by any other mechanisms) are initialized in an "unmergeable - need to calculate approval rules" state, which the asynchronous sidekiq job would remove after applying approval rules.

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 

(For installations with omnibus-gitlab package run and paste the output of:
`sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of:
`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check 
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true)


(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true)


(we will only investigate if the tests are passing)

Possible fixes

Edited by Brett Gadberry