
Execute Approval Gates webhook on MR change

Max Woolf requested to merge 267517-execute-approval-gates into master

What does this MR do?

  • In a merge request whose project contains external approval rules, sends a standard webhook payload to the endpoints on every change of the MR.
  • The next step for implementation of the epic is to extend the approval API to allow an external service to approve a particular MR.

How to review

  1. Create a project with an Ultimate licence

  2. Enable feature flag:

    Feature.enable(:ff_compliance_approval_gates)

  3. Create a new external approval rule on that project using the REST API. You should set the external_url field to a service that you can see. You might want to use RequestBin to do this.

  4. Open a merge request on the project. Check that the payload has been sent to RequestBin.

  5. Edit a merge request. Check again for another payload.

  6. Push new code to HEAD of the source branch of the merge request. Check again.

The payload should include the same data as a merge request webhook, with the addition of an external_approval_rule key.

Example testing: https://requestbin.com/r/envcciadp9jg/1pnROMTcZYq1SdObUoGLhblPWix

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #267517 (closed)

Edited by Max Woolf
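
To check steps 4 to 6 of the review procedure against saved request bodies rather than by eye, the following added example (not part of this merge request or of GitLab's code) validates each delivered body and counts deliveries per merge request. The object_kind and object_attributes.iid fields are assumed from GitLab's merge request webhook format, and the sample bodies are constructed.

```ruby
require "json"

# Added example, not GitLab code. object_kind and object_attributes.iid are
# assumed from GitLab's merge request webhook format; external_approval_rule
# is the extra key named in the description above.
REQUIRED_KEYS = %w[object_kind object_attributes external_approval_rule].freeze

# Returns a list of problems found in one delivered request body (empty = OK).
def payload_problems(raw_body)
  data = JSON.parse(raw_body)
  return ["payload is not a JSON object"] unless data.is_a?(Hash)

  problems = REQUIRED_KEYS.reject { |k| data.key?(k) }.map { |k| "missing key: #{k}" }
  if data.key?("object_kind") && data["object_kind"] != "merge_request"
    problems << "unexpected object_kind: #{data['object_kind'].inspect}"
  end
  if data.key?("object_attributes") && !data["object_attributes"].is_a?(Hash)
    problems << "object_attributes is not an object"
  end
  problems
rescue JSON::ParserError => e
  ["invalid JSON: #{e.message[0, 40]}"]
end

# Groups valid deliveries by merge request iid. Opening, editing and pushing
# (steps 4, 5 and 6) should each add one delivery for the same iid.
def deliveries_per_mr(raw_bodies)
  counts = Hash.new(0)
  rejected = []
  raw_bodies.each_with_index do |body, i|
    problems = payload_problems(body)
    if problems.empty?
      counts[JSON.parse(body).dig("object_attributes", "iid")] += 1
    else
      rejected << [i, problems]
    end
  end
  { counts: counts, rejected: rejected }
end

# Constructed sample bodies, not captured from a real instance. The rule's
# contents are a placeholder because the page does not list its fields.
def sample_body(iid, with_rule: true)
  body = { "object_kind" => "merge_request",
           "object_attributes" => { "iid" => iid, "title" => "Example MR" } }
  body["external_approval_rule"] = { "placeholder" => "fields not listed" } if with_rule
  JSON.generate(body)
end

SAMPLES = [sample_body(7), sample_body(7), sample_body(7),
           sample_body(8, with_rule: false), "not json"].freeze
```

Running the check against bodies captured on a receiver you control keeps merge request data out of a publicly readable request bin.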
