Fix `branch_type` feature flagging

Dominic Bauer requested to merge 404774-fix-feature-flag into master

What does this MR do and why?

Fixes two problems with the feature flagging introduced by !121679 (merged). Both problems are limited to scan execution policies of `type: pipeline`.

See: #404774 (comment 1427073846)

How to set up and validate locally

  • Create a group

  • Create a contained project

  • Disable the feature flag for the project:

    Feature.disable(:security_policies_branch_type, Project.find(-1))

  • Commit the following .gitlab-ci.yml:

    dummy_job:
      script:
        - exit 0

  • On the group level, navigate to Security and Compliance > Policies and create the following scan execution policy:

    type: scan_execution_policy
    name: Pipeline / Default Branch / Container Scan
    description: ''
    enabled: true
    rules:
      - type: pipeline
        branch_type: default
    actions:
      - scan: container_scanning
        variables:
          CS_IMAGE: "nginx:1"

  • Navigate to CI/CD > Pipelines, run a pipeline for the main branch and verify only the dummy_job was created.

  • Enable the feature flag for the project:

    Feature.enable(:security_policies_branch_type, Project.find(-1))

  • Navigate to CI/CD > Pipelines, run a pipeline for the main branch and verify both dummy_job and container-scanning-0 were created.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #404774 (closed)

Edited by Dominic Bauer
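
The outcomes the validation steps above check for, as an added Ruby sketch that is not part of this merge request or of GitLab's code base. The function names, the `flag_enabled` argument, the `all` branch type, the name-based `branches` handling and the job-name derivation are assumptions made for illustration.

```ruby
# Simplified model (constructed for illustration; not GitLab's code) of how a
# feature flag gates `branch_type` rules in a scan execution policy.
require "yaml"

# The policy from the validation steps in the description.
POLICY = YAML.safe_load(<<~POLICY_YAML)
  type: scan_execution_policy
  name: Pipeline / Default Branch / Container Scan
  enabled: true
  rules:
    - type: pipeline
      branch_type: default
  actions:
    - scan: container_scanning
      variables:
        CS_IMAGE: "nginx:1"
POLICY_YAML

# Does one `type: pipeline` rule match the ref being built?
# `flag_enabled` stands in for the per-project security_policies_branch_type flag.
def rule_applies?(rule, ref:, default_branch:, flag_enabled:)
  return false unless rule["type"] == "pipeline"

  if rule.key?("branch_type")
    # With the flag off the rule is ignored, so no scan job is injected.
    return false unless flag_enabled
    case rule["branch_type"]
    when "default" then ref == default_branch
    when "all"     then true
    else false # branch types this model does not cover never match
    end
  else
    # Assumed handling of name-based rules: exact or glob match on the ref.
    Array(rule["branches"]).any? { |pattern| File.fnmatch(pattern, ref) }
  end
end

# Job names expected in the pipeline: the project's own jobs plus enforced scans.
def pipeline_jobs(policy, project_jobs, **ctx)
  return project_jobs unless policy["enabled"]
  return project_jobs unless policy["rules"].any? { |r| rule_applies?(r, **ctx) }

  scans = policy["actions"].each_with_index.map do |action, i|
    "#{action['scan'].tr('_', '-')}-#{i}"
  end
  project_jobs + scans
end
```
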
