Skip to content

Consider merge request pipelines for license approval policies

Sashi Kumar Kumaresan requested to merge sk/448659-fix-multi-pipelines into master

What does this MR do and why?

This change fixes a bug with license approval policies enforces incorrect approval when the merge request pipeline is marked as head pipeline in an MR.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before After
Screenshot_2024-04-11_at_1.35.26_AM Screenshot_2024-04-11_at_1.42.18_AM

How to set up and validate locally

name: DS Scan
description: ''
enabled: true
actions:
- scan: dependency_scanning
rules:
- type: pipeline
  branch_type: all
name: License policy
description: ''
enabled: true
actions:
- type: require_approval
  approvals_required: 1
  group_approvers_ids:
  - 22
rules:
- type: license_finding
  match_on_inclusion: false
  license_types:
  - MIT License
  - unknown
  license_states:
  - newly_detected
  branch_type: protected
approval_settings:
  block_branch_modification: false
  prevent_pushing_and_force_pushing: false
  • Create a MR that updates the readme and verify if dependency_scanning job is added to the branch pipeline and wait for both the pipelines to complete
  • Verify that the approval is not enforced and also no comment from the policy violation bot

Addresses #448659 (closed)

Edited by Sashi Kumar Kumaresan

Merge request reports

Loading