Edited scan_results policy always required against new Merge Requests
Summary
Editing an applied scan_results policy will cause it to be applied to MRs that it should not apply to.
Steps to reproduce
- Create a Security Policy Project with a rule preventing Merge Requests against an inapplicable branch name (arbitrary_branch_name)
- Create a group, apply the Security Policy Project to the group
- Edit the Security Policy Project YAML file (any change will do; I reproduced by removing a rule block and adding an approver user)
- Create a project inside the group
- Create a test MR between two branches unrelated to the rule; the rule correctly does not appear.
- Create a new MR, as with Step 3. The rule will now appear and require approvals.
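The policy file the steps above refer to is not shown in this issue. The following policy.yml is an added example (not the reporter's actual Security Policy Project file) that matches the scenario: a single scan_result_policy rule scoped to one target branch. The key names follow GitLab's documented scan_result_policy schema; the branch name puppies is taken from the example project linked below, while the scanner choice and the approver username are placeholders.

```yaml
# Added example policy.yml for the reproduction steps in this issue.
# Not the reporter's file. Branch "puppies" is from the example project;
# the scanner and approver name are placeholders.
scan_result_policy:
  - name: Require approval for critical findings on puppies
    description: Only MRs that target the puppies branch should need approval
    enabled: true
    rules:
      - type: scan_finding
        branches:
          - puppies              # the only target branch this rule applies to
        scanners:
          - container_scanning   # placeholder scanner
        vulnerabilities_allowed: 0
        severity_levels:
          - critical
        vulnerability_states:
          - newly_detected
    actions:
      - type: require_approval
        approvals_required: 1
        user_approvers:
          - example_approver     # placeholder username
```

With a policy like this applied, an MR between two branches that does not target puppies should show no approval rule at all, both before and after the policy file is edited. The check for this bug is therefore: edit the file, open a fresh MR between unrelated branches, and confirm the approval rule is still absent; if it appears, the behaviour described in this issue has reproduced.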
Example Project
https://gitlab.com/dharris-pages/parent/subgroup/mrtest/-/merge_requests/3
The policy on the above project should only trigger if we try to merge into the branch puppies.
What is the current bug behavior?
An approval is required when it should not be required.
What is the expected correct behavior?
Approval should only be required when merging into the correct branch.
Relevant logs and/or screenshots
Output of checks
GitLab Enterprise Edition 15.7.0-pre 44619103
Possible fixes
Edited by James Reed