Validation does not happen when project is changed
Summary
When validation fails for external file, if user changes the project after that, validation does not work any more.
Steps to reproduce
- Upload a GitLab Ultimate license
- Enable the feature flag
echo "Feature.enable(:compliance_pipeline_in_policies)" | rails c
. - Create a group => Settings => General => Permissions and group features section
- Enable Run customized CI YAML file as security policy actions and save
- Navigate to a project => Create a .yml file in it
- Navigate to a project in the group => Secure => Policies => New policy => Scan Execution Policy
- Add new action => Run CI/CD code => Run "Linked existing CI file"
- Select the current project and the branch with the .yml file
- Mistype the file name
- Verify the validation fails (the ref and file name inputs are outlined in red)
- Type in the correct file name
- Verify the validation succeeds (nothing is outlined in red)
- Change the branch to one without the .yml file
- Verify the validation fails (the ref and file name inputs are outlined in red)
- Change project validation does not happen
Example Project
What is the current bug behavior?
What is the expected correct behavior?
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: \`sudo gitlab-rake gitlab:env:info\`) (For installations from source run and paste the output of: \`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production\`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:check SANITIZE=true`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`) (we will only investigate if the tests are passing)
Analysis
What is happening is
- when a user switches projects, the
ref
gets reset todefault branch
- we do not currently retrieve what the
default branch
is for a project, so no validation is done against it (code)
Possible solution
-
retrieve default branch when project is selected and use it for validation
Edited by Alexander Turinske