Skip to content

Fix duplicate license_scanning approval rule in MR approvals

Sashi Kumar Kumaresan requested to merge sk/420335-fix-duplicate-rules into master

What does this MR do and why?

Addresses #420335 (closed)

This MR fixes a bug in MR approvals where the approval rules are duplicated when a scan result policy is configured with both license_scanning and scan_finding report type.

Since both the rules has the same approvers, it does not make sense to show 2 entries in approval rules section, so merging them into a single rule would be more intuitive.

Screenshots or screen recordings

Before After
Screenshot_2023-08-22_at_9.21.50_PM Screenshot_2023-08-22_at_9.20.04_PM

How to set up and validate locally

  1. Create a scan result policy that contains both license_finding and scan_finding rules in a same policy
type: scan_result_policy
name: Scan Result Policy rule
description: ''
enabled: true
rules:
  - type: license_finding
    match_on_inclusion: true
    license_types:
      - GNU General Public License v2.0 or later
      - GNU Affero General Public License v3.0
    license_states:
      - newly_detected
    branches:
      - main
  - type: scan_finding
    scanners:
      - dependency_scanning
      - dast
      - sast
    vulnerabilities_allowed: 0
    severity_levels:
      - critical
    vulnerability_states:
      - newly_detected
    branches:
      - main
actions:
  - type: require_approval
    approvals_required: 1
    group_approvers_ids:
      - 22
  1. Create a MR with some random changes and check the approvals section that the rules are not duplicated

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Sashi Kumar Kumaresan

Merge request reports

Loading