Fix `branch_type` feature flagging
What does this MR do and why?
Fixes two problems with the feature flagging introduced by !121679 (merged). Both problems are limited to scan execution policies of `type: pipeline`.
- In the case of group-level policies, the feature check compares to `nil` instead of a `Project`: !123385 (diffs, comment 1427166279)
- With the feature flag disabled, `branch_type` policies currently raise: !123385 (diffs, comment 1427168812)
See: #404774 (comment 1427073846)
How to set up and validate locally
- Create a group
- Create a contained project
- Disable the feature flag for the project:

  ```ruby
  Feature.disable(:security_policies_branch_type, Project.find(-1))
  ```

- Commit the following `.gitlab-ci.yml`:

  ```yaml
  dummy_job:
    script:
      - exit 0
  ```

- On the group level, navigate to `Security and Compliance > Policies` and create the following scan execution policy:

  ```yaml
  type: scan_execution_policy
  name: Pipeline / Default Branch / Container Scan
  description: ''
  enabled: true
  rules:
    - type: pipeline
      branch_type: default
  actions:
    - scan: container_scanning
      variables:
        CS_IMAGE: "nginx:1"
  ```

- Navigate to `CI/CD > Pipelines`, run a pipeline for the `main` branch and verify only the `dummy_job` was created.
- Enable the feature flag for the project:

  ```ruby
  Feature.enable(:security_policies_branch_type, Project.find(-1))
  ```

- Navigate to `CI/CD > Pipelines`, run a pipeline for the `main` branch and verify both `dummy_job` and `container-scanning-0` were created.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #404774 (closed)
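The two behaviours this MR describes, modelled as an added example that is not GitLab's code: the flag is evaluated against the project even for a group-level policy, and a gated-off `branch_type` rule is skipped instead of raising. `ToyFlags`, `ToyProject` and `applicable_rules` are hypothetical names, and the assumption that a `nil` actor only sees globally enabled flags belongs to this toy model.

```ruby
require 'set'

# Toy per-actor flag store (assumption: a nil actor only sees the global state).
class ToyFlags
  def initialize
    @global = Set.new
    @actors = Hash.new { |hash, flag| hash[flag] = Set.new }
  end

  def enable(flag, actor = nil)
    if actor.nil?
      @global << flag
    else
      @actors[flag] << actor
    end
  end

  def enabled?(flag, actor = nil)
    @global.include?(flag) || (!actor.nil? && @actors[flag].include?(actor))
  end
end

# Hypothetical stand-in for a project; only the fields the check needs.
ToyProject = Struct.new(:id, :default_branch)

# Returns the pipeline rules of a policy that apply to `ref` in `project`.
# The flag check always receives the project, so a policy defined on a group
# is gated by the state of the project whose pipeline is being built.
def applicable_rules(flags, rules, project:, ref:)
  rules.select do |rule|
    next false unless rule[:type] == 'pipeline'

    if rule.key?(:branch_type)
      # Flag off: skip the rule quietly so the pipeline is still created.
      next false unless flags.enabled?(:security_policies_branch_type, project)

      # Only the `default` value from the page is modelled; others never match.
      rule[:branch_type] == 'default' && ref == project.default_branch
    else
      Array(rule[:branches]).include?(ref)
    end
  end
end
```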