Skip to content

Fix MR approval policy `prevent_pushing_and_force_pushing` enforcement

What does this MR do and why?

Fixes a regression introduced by !154369 (merged) that broke changes to a protected branch's merge access levels with an MR approval policy in place that sets prevent_pushing_and_force_pushing: true.

Related to https://gitlab.com/gitlab-com/dev-sub-department/section-dev-request-for-help/-/issues/271

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Create a new project.
  2. Navigate to Secure > Policies and create the following Merge request approval policy:
type: approval_policy
name: Block protected branches
enabled: true
rules:
  - type: any_merge_request
    branch_type: protected
    commits: any
actions:
  - type: require_approval
    approvals_required: 1
    user_approvers: [root]
approval_settings:
  prevent_pushing_and_force_pushing: true
  1. Navigate to Settings > Repository, expand Protected branches and verify that the Allowed to merge dropdown is functional.

Merge request reports

Loading