Global Push Rule not inherited by new project in sub-group
Summary
If you enable a Global Push Rule, new projects created in sub-groups won't inherit the Global Push Rule. However, new projects created in top-level groups do inherit the Global Push Rule.
This contradicts what is indicated in the documentation on Group push rule:
The group’s new subgroups have push rules set for them based on either:
The closest parent group with push rules defined.
Push rules set at the instance level, if no parent groups have push rules defined.
The reason why seems to be that the group_push_rule_available?
method checks if the project's group has a predefined_push_rule
. The global predefined_push_rule
is accessible via the Group, not the Sub-group.
The predefined_push_rule
method checks whether the parent has a pre-defined push rule. If there is no parent (ie top-level group), it uses the PushRule.global
.
Steps to reproduce
Reproduced on v14.10:
- Create a top-level group
- Create a sub-group under the top-level group
- Enable Global Push Rule which includes a
Require expression in commit messages
regex, save it - Create a new project in the top-level group
- Create a new project in the subgroup
Reproduced on GitLab.com v15.1.0-pre:
Repo link: Project in subgroup does not inherit the push rule while project in parent group does. (Settings viewable internally)
Example Project
What is the current bug behavior?
Project created in a subgroup does not inherit the Global Push Rule.
What is the expected correct behavior?
Project created in a subgroup should inherit the Global Push Rule.
Relevant logs and/or screenshots
## Global Push Rule
irb(main):033:0> pp PushRule.first["commit_message_regex"]
"^[A-Z]+[0-9]?-[0-9]+"
=> "^[A-Z]+[0-9]?-[0-9]+"
## Project in top-level Group
irb(main):027:0> project = Project.find(13)
=> #<Project id:13 reysspeeder/push_rules_maybeeee>>
irb(main):028:0> pp project.group.predefined_push_rule["commit_message_regex"]
"^[A-Z]+[0-9]?-[0-9]+"
=> "^[A-Z]+[0-9]?-[0-9]+"
## Project in subgroup
irb(main):029:0> project = Project.find(12)
=> #<Project id:12 reysspeeder/subgroup1/can_i_has_push_rule>>
irb(main):030:0> pp project.group.predefined_push_rule["commit_message_regex"]
""
=> ""
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)
Possible workaround
To enable push rules on existing projects you'll need to directly target the project's settings. It can be automated through the REST APIs:
- List every existing project (responses are paginated).
- Add push rules to each project with prevent_secrets (set to true to turn on) and file_name_regex (with suitable regex value) passed as parameters.