Fix approval policy to include group level protected branch
What does this MR do and why?
This MR fixes a bug with MR approval rules when allow_protected_branches_for_group & group_protected_branches feature flag are enabled and when a project does not have a branch that is specified in group level's protected branches.
This issue was already fixed with !153240 (merged) but was later reverted (!153717 (merged)) because of #462812 (closed). This MR adds .compact to ignore nil values.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Create a group and enabled
allow_protected_branches_for_group&group_protected_branchesFFs to the group - Create a group level protected branch (
feature) from Group -> Settings -> Repository -> Protected Branches - Add the following policy below to that group (Secure -> Policies -> New Policy -> Merge request approval policy)
--- scan_result_policy: - name: Policy test description: '' enabled: true actions: - type: require_approval approvals_required: 1 role_approvers: - maintainer - owner rules: - type: any_merge_request commits: any branches: - feature approval_settings: block_branch_modification: true prevent_pushing_and_force_pushing: true prevent_approval_by_author: true prevent_approval_by_commit_author: true remove_approvals_with_new_commit: true require_password_to_approve: false policy_scope: compliance_frameworks: [] - Create a project within the group
- Create 2 more non-protected branches. (Let's call them
new-branch-1andnew-branch-2) - Make some changes on
new-branch-2. For example, adding a new line in a README file. - Create an a MR with
new-branch-2as the source branch, andnew-branch-1as the target branch. - Observe that approval is not required for the MR
Addresses #456055 (closed)
Edited by Sashi Kumar Kumaresan