Skip to content

Reset required approvals for violated rules

What does this MR do and why?

This MR fixes a bug when approvals are not required if a re-run of pipeline produces reports with new security findings.

The approvals_required for a merge request are currently reset on push in https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/services/ee/merge_requests/refresh_service.rb#L18. If a first pipeline run doesn't find any violations, it removes required approvals from the merge request approval rules. If another pipeline is run, it might find new findings which may require approvals with policies using "previously existing" vulnerabilities. Currently, this second run doesn't add the required approvals, as no new code was pushed.

How to set up and validate locally

Follow the steps from the issue: #423495 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #423495 (closed)

Edited by Martin Čavoj

Merge request reports

Loading