Sync approval rules even when security_scans are duplicated
What does this MR do and why?
This change invokes SyncFindingsToApprovalRulesWorker from StoreScansService before doing an early return, as the approval rules can be synced even when security_scans are already present.
More context: https://gitlab.com/gitlab-com/sec-sub-department/section-sec-request-for-help/-/issues/258#note_1879518307
Steps to verify
- Create a project with a build job and one or more security scan jobs. Refer to https://gitlab.com/gitlab-org/govern/security-policies/sashis-test-group/test-419789 for an example
- Create a branch and run a pipeline for the branch
- Verify in logs that Security::StoreScansWorker and Security::ScanResultPolicies::SyncFindingsToApprovalRulesWorker are called
- Once the pipeline is complete, re-run the build job and verify that both the workers are called again
tail -f log/sidekiq.log | grep -e 'StoreScansWorker' -e 'SyncFindingsToApprovalRulesWorker'
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Sashi Kumar Kumaresan