Add security policy schema to block unprotecting branches

What does this MR do and why?

This adds security policy schema for the "block unprotecting branches" setting.

How to set up and validate locally

  1. Create a project
  2. Create a scan result security policy with the following content:
    type: scan_result_policy
    name: Any unsigned MR
    description: ''
    enabled: true
    rules:
      - type: any_merge_request
        branch_type: protected
        commits: unsigned
    actions:
      - type: require_approval
        approvals_required: 1
        user_approvers_ids:
          - 4 # Change to any existing user ID with access to the project
    approval_settings:
      block_unprotecting_branches: true
  3. Copy the ID of your project
  4. Start a rails console
  5. Fetch the Security::ScanResultPolicyRead:
    Security::ScanResultPolicyRead.where(project_id: 172).first.project_approval_settings
  6. It should have the following value:
    {"block_unprotecting_branches"=>true}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #423101 (closed)

Edited by Andy Schoenen
