Apply project approval settings without approver rules
What does this MR do and why?
This MR depends on !133946 (merged) and focuses on fixing the overrides of project approval settings.
It also stops creating approval rules for policies which don't define any actions / approvers.
It changes how violations are generated for any_merge_request
rules so that the project approval settings can be applied on the MR even without approval rules.
It also fixes a situation when a policy targeting unsigned commits doesn't get properly applied after MR with unsigned commits is created.
Screenshots or screen recordings
It applies the approval settings even if there is no approval rule. After changing the policy settings in the DB, "Approve" button becomes available.
CleanShot_2023-10-12_at_17.21.41
How to set up and validate locally
- In rails console enable the feature flag
Feature.enable(:scan_result_any_merge_request)
- Create a policy targeting unsigned commits. Go to Policies -> New scan result policy ->
.yaml mode
. Example YAML:type: scan_result_policy name: No actions description: '' enabled: true rules: - type: any_merge_request branch_type: protected commits: any approval_settings: block_protected_branch_modification: true prevent_approval_by_author: true prevent_approval_by_commit_author: true remove_approvals_with_new_commit: true require_password_to_approve: true
- Go to Settings -> Merge requests -> Disable "Prevent approval by author"
- Create MR
- Verify the approval is blocked
- Go to the policy and set
enabled: false
& Configure with merge request & Merge - The "Approve" button should become available
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #418752 (closed)