Adapt MR widget to support fail-closed approval rules
What does this MR do and why?
This MR depends on the backend MR: !116969 (merged).
It updates the UI of the MR widget to support the new fail-closed rules from Security & Compliance policies (feature flag `:invalid_scan_result_policy_prevents_merge`, disabled by default). It gives users a better explanation of each rule's status and helps them differentiate between fail-open rules (the current default, where invalid rules are auto-approved) and fail-closed rules (only applicable to Security Policy rules).
Screenshots or screen recordings
- Before: [screenshot not preserved in this copy]
- After: [screenshot not preserved in this copy]
- Auto approved popover: [screenshot not preserved in this copy]
- Action required popover: [screenshot not preserved in this copy]
- When FF `:invalid_scan_result_policy_prevents_merge` from the backend MR is disabled: [screenshot not preserved in this copy]
How to set up and validate locally
- Backend changes are required to validate locally: !116969 (merged)
- Enable the new feature flag in a Rails console: `Feature.enable(:invalid_scan_result_policy_prevents_merge)`
- Create a new security policy with secret detection and require approval from one user
- Choose Configure with merge request and merge the generated policy MR
- Open an MR which adds a leaked secret, thus violating the policy
- Block the user used in the security policy
- Add an approval rule on the MR to verify the fail-open state, using the same blocked user as the approver
- The MR widget should display "(!) Action required" for the Security Policy rule and "(!) Auto approved" for the other approval rule
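A policy definition matching the "secret detection, approval from one user" setup in the steps above, added here as an illustration and not part of this MR or the backend MR; the `scan_result_policy` schema is assumed from GitLab's security policy YAML, and the approver username is a placeholder:

```yaml
# Added illustration (not part of this MR): a scan result policy that requires
# one approval whenever secret detection reports a finding on the MR.
# Schema assumed from GitLab's security policy YAML; replace the placeholder user.
scan_result_policy:
  - name: Require approval on leaked secrets
    description: Test policy for validating the fail-closed MR widget changes
    enabled: true
    rules:
      - type: scan_finding
        branches: []              # empty list: applies to all protected branches
        scanners:
          - secret_detection
        vulnerabilities_allowed: 0
        severity_levels: []       # empty list: any severity counts
        vulnerability_states:
          - newly_detected
    actions:
      - type: require_approval
        approvals_required: 1
        user_approvers:
          - placeholder-approver-username   # the user you will block in the test steps
```

Once the placeholder user is blocked, the rule has no eligible approver. With the feature flag enabled, the widget should show this Security Policy rule as Action required (fail-closed) while the ordinary approval rule with the same blocked approver is shown as Auto approved (fail-open), which is exactly the distinction this MR surfaces in the UI.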
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #389905 (closed)