Skip to content

Add approvalPolicies field and deprecate scanResultPolicies

What does this MR do and why?

This MR adds approvalPolicies field and deprecates scanResultPolicies. Deprecation issue: #439199

Field scanResultPolicies in GraphQL API is being renamed to approvalPolicies.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Project Group
CleanShot_2024-01-24_at_16.08.14_2x CleanShot_2024-01-24_at_16.09.05_2x

How to set up and validate locally

  1. Create a new group
  2. Visit Secure -> Policies and create a group policy. Sample policy YAML:
    type: scan_result_policy
    name: Test policy
    description: ''
    enabled: true
    rules:
      - type: any_merge_request
        branch_type: protected
        commits: any
    actions:
      - type: require_approval
        approvals_required: 1
        role_approvers:
          - developer
  3. Query GraphQL (/-/graphql-explorer):
    query groupApprovalPolicies {
        namespace: group(fullPath: "<group-path>") {
            id
            approvalPolicies(relationship: INHERITED) {
                nodes {
                    name
                    yaml
                    editPath
                    enabled
                    updatedAt
                    userApprovers {
                        id
                        name
                        webUrl
                    }
                    allGroupApprovers {
                        id
                        fullPath
                        webUrl
                    }
                    roleApprovers
                }
            }
        }
    }
  4. Create a new project
  5. Visit Secure -> Policies and create a project policy. Sample policy YAML:
    type: scan_result_policy
    name: Test policy
    description: ''
    enabled: true
    rules:
      - type: any_merge_request
        branch_type: protected
        commits: any
    actions:
      - type: require_approval
        approvals_required: 1
        role_approvers:
          - developer
  6. Query GraphQL (/-/graphql-explorer):
    query projectApprovalPolicies {
        namespace: project(fullPath: "<project-path>") {
            id
            approvalPolicies(relationship: INHERITED) {
                nodes {
                    name
                    yaml
                    editPath
                    enabled
                    updatedAt
                    userApprovers {
                        id
                        name
                        webUrl
                    }
                    allGroupApprovers {
                        id
                        fullPath
                        webUrl
                    }
                    roleApprovers
                }
            }
        }
    }

Related to #439094 (closed)

Edited by Martin Čavoj

Merge request reports

Loading