Security validation is preventing security merge requests to be merged
Security merge requests targeting master
are merged by triggering a pipeline and setting MWPS. Normally, it takes around 30 to 40 minutes for a pipeline to be completed, during this time it's possible for the security:validatate
rake task to be executed. If that's the case the rake task will identify this security merge request as "invalid" because it has a pending pipeline, then it'll create a discussion to notify the author preventing the automatic merging.
This happened recently with https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/837/
We need to prevent this to happen. Once the bot has triggered a pipeline for merged results, the validation should ignore this somehow.
Edited by Mayra Cabrera