Skip to content

Apply project approval settings without approver rules

Martin Čavoj requested to merge 418752-approval-settings-no-actions into master

What does this MR do and why?

This MR depends on !133946 (merged) and focuses on fixing the overrides of project approval settings. It also stops creating approval rules for policies which don't define any actions / approvers. It changes how violations are generated for any_merge_request rules so that the project approval settings can be applied on the MR even without approval rules.

It also fixes a situation when a policy targeting unsigned commits doesn't get properly applied after MR with unsigned commits is created.

Screenshots or screen recordings

It applies the approval settings even if there is no approval rule. After changing the policy settings in the DB, "Approve" button becomes available.

CleanShot_2023-10-12_at_17.21.41

How to set up and validate locally

  1. In rails console enable the feature flag
    Feature.enable(:scan_result_any_merge_request)
  2. Create a policy targeting unsigned commits. Go to Policies -> New scan result policy -> .yaml mode. Example YAML:
    type: scan_result_policy
    name: No actions
    description: ''
    enabled: true
    rules:
      - type: any_merge_request
        branch_type: protected
        commits: any
    approval_settings:
      block_protected_branch_modification: true
      prevent_approval_by_author: true
      prevent_approval_by_commit_author: true
      remove_approvals_with_new_commit: true
      require_password_to_approve: true
  3. Go to Settings -> Merge requests -> Disable "Prevent approval by author"
  4. Create MR
  5. Verify the approval is blocked
  6. Go to the policy and set enabled: false & Configure with merge request & Merge
  7. The "Approve" button should become available

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #418752 (closed)

Edited by Martin Čavoj

Merge request reports

Loading