Don't block merge requests if no license compliance rules are defined
What does this MR do and why?
We noticed in gitlab-runner!4430 (merged) that the merge request was blocked with the message "denied licenses must be removed". In that project, license scanning is enabled but no compliance rules or approval rules are defined.
It appears this happened due to a combination of two factors:
- The merge request's base pipeline did not have a license scanning job. This occurred because the base pipeline had a docs-only change (#430710 (closed)).
- MergeRequest#has_denied_policies? attempted to compare the license scanning results from the head pipeline and the base pipeline. Since no policies were defined, all licenses were deemed out-of-compliance.
We can fix the second issue by returning false if no license compliance policies are defined in the first place.
Relates to #430706 (closed)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
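The failure mode and the guard described in this MR, as an added Ruby sketch that is not GitLab's code. The `Policy` struct, the helper names, and the rule that a new license without an explicit allow rule counts as denied are assumptions made for illustration.

```ruby
require 'set'

# Hypothetical stand-in for one license compliance rule of a project.
Policy = Struct.new(:license, :classification)

# Assumed model of the comparison: licenses present in the head report but not
# in the base report are "new", and a new license with no explicit :allowed
# rule counts as denied. A missing base report (nil) makes every head license new.
def denied_licenses(head_report, base_report, policies)
  allowed = policies.select { |p| p.classification == :allowed }
                    .map(&:license).to_set
  new_licenses = head_report - (base_report || [])
  new_licenses.reject { |license| allowed.include?(license) }
end

# Behaviour before the fix: an empty rule set allows nothing, so every new
# license is reported as denied and the merge request is blocked.
def denied_policies_before_fix?(head_report, base_report, policies)
  denied_licenses(head_report, base_report, policies).any?
end

# Behaviour after the fix: with no rules defined there is nothing to enforce,
# so return false before comparing reports at all.
def denied_policies_after_fix?(head_report, base_report, policies)
  return false if policies.empty?

  denied_licenses(head_report, base_report, policies).any?
end

# Constructed sample data: the base pipeline was docs-only, so it has no report.
HEAD_REPORT = ['MIT', 'Apache-2.0', 'GPL-3.0'].freeze
BASE_REPORT = nil
NO_POLICIES = [].freeze
SOME_POLICIES = [Policy.new('MIT', :allowed),
                 Policy.new('Apache-2.0', :allowed)].freeze

if __FILE__ == $PROGRAM_NAME
  puts "no rules, before fix: #{denied_policies_before_fix?(HEAD_REPORT, BASE_REPORT, NO_POLICIES)}"
  puts "no rules, after fix:  #{denied_policies_after_fix?(HEAD_REPORT, BASE_REPORT, NO_POLICIES)}"
  puts "rules defined, after: #{denied_policies_after_fix?(HEAD_REPORT, BASE_REPORT, SOME_POLICIES)}"
end
```

The third case is the one to keep under test: the early return must only apply to an empty rule set, so a project that does define rules is still blocked on a license they do not allow.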