Add errors into detailed policy bot comment

What does this MR do and why?

This MR adds policy evaluation errors to the detailed policy bot comment.

Depends on !147561 (merged).

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

[Screenshots: "Missing artifacts (CI misconfiguration)", "Scan removed"; screen recording of the bot comment]

How to set up and validate locally

  1. Create a project
  2. Enable feature flag in rails console:
    Feature.enable(:save_policy_violation_data, Project.last)
  3. Go to Secure -> Policies and create a new Merge request approval policy with the following YAML:
    type: approval_policy
    name: Sec & Lic
    description: ''
    enabled: true
    rules:
      - type: scan_finding
        scanners: []
        vulnerabilities_allowed: 0
        severity_levels: []
        vulnerability_states: []
        branch_type: protected
      - type: license_finding
        match_on_inclusion: true
        license_types:
          - BSD 3-Clause "New" or "Revised" License
        license_states:
          - newly_detected
        branch_type: protected
    actions:
      - type: require_approval
        approvals_required: 1
        role_approvers:
          - developer
  4. Select "Configure with a merge request" and merge the MR it opens in the security policy project
  5. Go back to the project and update README.md in a new MR
  6. Verify that the bot comment is created and includes two errors, one per rule, mentioning missing artifacts.
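A minimal model of what step 6 expects, as an added example that is not GitLab's own code: the policy above is evaluated against the report types a pipeline actually produced, and every rule whose evidence is absent yields an "artifacts missing" error that is rendered into a comment section. A README-only change produces no security or dependency reports, so both rules error, which is the two-error outcome the step describes. The rule-to-artifact mapping, the `ARTIFACTS_MISSING` label and the comment layout are assumptions made for the example, not GitLab's implementation.

```ruby
require 'yaml'

# Constructed copy of the approval policy from the setup steps above.
POLICY_YAML = <<~YAML
  type: approval_policy
  name: Sec & Lic
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states: []
      branch_type: protected
    - type: license_finding
      match_on_inclusion: true
      license_types:
        - BSD 3-Clause "New" or "Revised" License
      license_states:
        - newly_detected
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - developer
YAML

# Assumed mapping from rule type to the pipeline report types that can
# satisfy it. This is a simplification for the example, not GitLab's mapping.
REQUIRED_ARTIFACTS = {
  'scan_finding' => %w[sast dependency_scanning container_scanning secret_detection],
  'license_finding' => %w[dependency_scanning]
}.freeze

# Evaluate each rule against the report types a pipeline produced.
# Returns one error hash per rule whose required artifacts are missing.
def policy_evaluation_errors(policy_yaml, pipeline_reports)
  policy = YAML.safe_load(policy_yaml)

  policy.fetch('rules').each_with_index.filter_map do |rule, index|
    required = REQUIRED_ARTIFACTS.fetch(rule['type'])
    # A scan_finding rule with an explicit scanners list only needs those scanners.
    if rule['type'] == 'scan_finding' && rule['scanners']&.any?
      required = rule['scanners']
    end
    # Any one of the accepted report types is enough evidence for the rule.
    next if (required & pipeline_reports).any?

    {
      rule_index: index,
      rule_type: rule['type'],
      error: 'ARTIFACTS_MISSING', # assumed label, not a GitLab constant
      message: "Missing artifacts (CI misconfiguration): no #{required.join(', ')} report found"
    }
  end
end

# Render the errors section of a bot comment as Markdown.
def render_bot_comment(policy_yaml, pipeline_reports)
  errors = policy_evaluation_errors(policy_yaml, pipeline_reports)
  return 'No policy evaluation errors.' if errors.empty?

  lines = ["Errors (#{errors.size})", '']
  errors.each do |e|
    lines << "- Rule #{e[:rule_index] + 1} (#{e[:rule_type]}): #{e[:message]}"
  end
  lines.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  # A README-only MR runs no scanners: both rules should error.
  puts render_bot_comment(POLICY_YAML, [])
end
```

Running the block stand-alone prints two bullets, one per rule. Feeding it `%w[dependency_scanning]` instead of an empty list clears both errors, since that report type satisfies both the open `scan_finding` rule and the `license_finding` rule in the assumed mapping.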

Related to #433403 (closed)

Edited by Martin Čavoj
