Introduce merge check for merge request approval policy evaluation
Problem to Solve
Policies are currently implemented as a pipeline job that evaluates various conditions to determine what actions might need to be taken on a pipeline. This presents a few challenges when looking at an MR:
- The policy defaults to requiring approval, even though the pipeline hasn't been evaluated and it may not actually require an approval
- The policy evaluation is tied to the pipeline being completed, but not all projects require a pipeline to be complete to merge
- Information about the policy isn't available to the user and so it's not transparent what's actually happening
Proposal
The presence of a policy should be a merge check. This would allow it to block merging until the merge check finishes evaluating. Once the merge check is evaluated, all of the remaining actions, like approvals, can be put in place.
Inside of the merge widget we should add an additional check:
All security policies must be evaluated.
While that check has not finished being evaluated (which depends on the pipeline completing), an in-progress or blocking icon can be shown; after it has finished, it becomes a green check. The widget would also then show a message saying "Merge blocked: XXX checks failed or in progress".
This would make it clear that the policy evaluation needs to be complete and, from the user's point of view, decouple it from the pipeline so that it's more transparent. It would also prevent approvals from showing prematurely and being used as the blocking function, since we'd be using the blocking function of a merge check instead.
In a later iteration, the new merge check will link to an area in the UI that displays each policy that's in place for the merge request. This will give users insight into which policies are in place and what they require.
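The proposed behaviour, modelled as a small added Ruby example (not code from this issue or from the project): the policy evaluation check blocks merging while evaluation is pending, and approvals are only derived once it has finished. Every name, the approval check label, the "Ready to merge" text and the sample policies are assumptions made for illustration.

```ruby
# Illustrative model of the proposal; every name here is hypothetical and
# none of it is the project's implementation.
Policy = Struct.new(:name, :evaluated, :violated)
Check  = Struct.new(:label, :status) # status: :checking, :failed or :success

# The proposed merge check: in progress until every policy has been evaluated.
def policy_evaluation_check(policies)
  done = policies.all?(&:evaluated)
  Check.new("All security policies must be evaluated.", done ? :success : :checking)
end

# Approvals are only put in place once evaluation has finished, so an
# unevaluated policy never shows up as a premature approval requirement.
def required_approvals(policies)
  return [] unless policies.all?(&:evaluated)
  policies.select(&:violated).map(&:name)
end

# Approval check (label is an assumption): fails while an approval is missing.
def approval_check(policies, approved_for)
  missing = required_approvals(policies) - approved_for
  Check.new("All required approvals must be given.", missing.empty? ? :success : :failed)
end

# Merge widget state: merging is blocked until every check is :success.
def merge_widget(policies, approved_for: [])
  checks = [policy_evaluation_check(policies), approval_check(policies, approved_for)]
  blocking = checks.reject { |c| c.status == :success }
  message = if blocking.empty?
              "Ready to merge" # assumed wording for the unblocked state
            else
              "Merge blocked: #{blocking.size} checks failed or in progress"
            end
  { mergeable: blocking.empty?, message: message, approvals: required_approvals(policies) }
end

# Constructed sample policies covering the three states discussed above.
pending  = [Policy.new("example-policy", false, false)]
clean    = [Policy.new("example-policy", true, false)]
violated = [Policy.new("example-policy", true, true)]

p merge_widget(pending)   # blocked by the evaluation check, no approvals shown
p merge_widget(clean)     # mergeable, no approval was ever required
p merge_widget(violated)  # blocked by the approval check until approved
p merge_widget(violated, approved_for: ["example-policy"])
```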