Don't block merge requests if no license compliance rules are defined

Stan Hu requested to merge sh-fix-issue-430706 into master

What does this MR do and why?

We noticed in gitlab-runner!4430 (merged) that the merge request was blocked with the message "denied licenses must be removed". In that project, license scanning is enabled but no compliance rules or approval rules are defined.

It appears this happened due to a combination of two factors:

  1. The merge request's base pipeline did not have a license scanning job. This occurred because the base pipeline had a docs-only change (#430710 (closed)).

  2. MergeRequest#has_denied_policies? attempted to compare the license scanning results from the head pipeline and the base pipeline. Since no policies were defined, all licenses were deemed out-of-compliance.

We can fix the second issue by returning false if no license compliance policies are defined in the first place.

Relates to #430706 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Stan Hu
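
A simplified Ruby model of the failure described in this merge request, added here as an illustration and not taken from GitLab's code. The class and method names are hypothetical, and the rule that any newly introduced license without an explicit allow policy counts as a violation is an assumption made to reproduce the described behavior.

```ruby
require "set"

# Simplified model, not GitLab's implementation; all names are hypothetical.
Policy = Struct.new(:license, :classification) # :allowed or :denied

class LicenseGate
  def initialize(policies)
    @policies = policies
  end

  # Assumed rule: a license introduced since the base report is a violation
  # unless a policy explicitly allows it.
  def violations(head, base)
    allowed = @policies.select { |p| p.classification == :allowed }
                       .map(&:license).to_set
    ((head.to_set - base.to_set) - allowed).to_a.sort
  end

  # Without the guard: an empty policy list allows nothing, so everything fails.
  def denied_without_guard?(head, base)
    violations(head, base).any?
  end

  # With the guard described in the MR: no policies defined, nothing is denied.
  def denied_with_guard?(head, base)
    return false if @policies.empty?

    violations(head, base).any?
  end
end

# Constructed sample data: the base pipeline was docs-only and produced no
# license scanning report, so every license in the head report looks new.
BASE_REPORT = [].freeze
HEAD_REPORT = ["Apache-2.0", "MIT"].freeze

NO_POLICIES = LicenseGate.new([])
WITH_POLICIES = LicenseGate.new([
  Policy.new("MIT", :allowed),
  Policy.new("Apache-2.0", :allowed),
  Policy.new("GPL-3.0", :denied)
])

puts "no policies, no guard: blocked=#{NO_POLICIES.denied_without_guard?(HEAD_REPORT, BASE_REPORT)}"
puts "no policies, guard:    blocked=#{NO_POLICIES.denied_with_guard?(HEAD_REPORT, BASE_REPORT)}"
```

The guard only changes the outcome when the policy list is empty; once policies exist, a denied license in the head report still blocks the merge request in this model.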
