Maintainer can't merge an approved MR

Summary

A user with a maintainer access is unable to merge a request they submitted and was approved by CODEOWNERS, despite having rights to merge an MR under the protected branches settings. When the user presses the merge button they receive an error.

This appears to have started either in 12.9.4 or 12.9.5 after implementing a fix for https://gitlab.com/gitlab-org/gitlab/-/issues/118807 (confidential).

Steps to reproduce

  1. Create a project with CODEOWNERS file and sample .gitlab-ci.yml.
  2. Add 2 members as maintainers, and set 1 as CODEOWNER.
  3. Maintainer 1 submits an MR to a protected dir as per the CODEOWNERS file.
  4. Maintainer 2 (CODEOWNER) approves the MR.
  5. Maintainer 1 clicks the merge button.

Example Project

This was reproducible in a self-managed instance starting at 12.9.5, 12.10.0 to 12.10.3.

What is the current bug behavior?

A maintainer is unable to merge an MR after it's been approved by CODEOWNERS.

What is the expected correct behavior?

A maintainer is able to merge an MR after it's been approved by CODEOWNERS.

Relevant logs and/or screenshots

Merge failed: Something went wrong during merge pre-receive hook. Pushes to protected branches that contain changes to files that match patterns defined in `CODEOWNERS` are disabled for this project. Please submit these changes via a merge request. The following pattern(s) from `CODEOWNERS` were matched: - api/system/. Please try again.

codeowners3

codeowners2

codeowners1

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 
System information
System:		Ubuntu 18.04
Proxy:		no
Current User:	git
Using RVM:	no
Ruby Version:	2.6.5p114
Gem Version:	2.7.10
Bundler Version:1.17.3
Rake Version:	12.3.3
Redis Version:	5.0.7
Git Version:	2.26.2
Sidekiq Version:5.2.7
Go Version:	unknown

GitLab information
Version:	12.10.3-ee
Revision:	7c0ab260960
Directory:	/opt/gitlab/embedded/service/gitlab-rails
DB Adapter:	PostgreSQL
DB Version:	11.7
URL:		https://rhassanein.do.gitlap.com
HTTP Clone URL:	https://rhassanein.do.gitlap.com/some-group/some-project.git
SSH Clone URL:	git@rhassanein.do.gitlap.com:some-group/some-project.git
Elasticsearch:	yes
Geo:		no
Using LDAP:	yes
Using Omniauth:	yes
Omniauth Providers: 

GitLab Shell
Version:	12.2.0
Repository storage paths:
- default: 	/var/opt/gitlab/git-data/repositories
GitLab Shell path:		/opt/gitlab/embedded/service/gitlab-shell
Git:		/opt/gitlab/embedded/bin/git

Results of GitLab application Check

Expand for output related to the GitLab application check 
Checking GitLab subtasks ...

Checking GitLab Shell ...


GitLab Shell: ... GitLab Shell version >= 12.2.0 ? ... OK (12.2.0)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Internal API available: OK
Redis available via internal API: OK
gitlab-shell self-check successful


Checking GitLab Shell ... Finished


Checking Gitaly ...


Gitaly: ... default ... OK


Checking Gitaly ... Finished


Checking Sidekiq ...


Sidekiq: ... Running? ... yes
Number of Sidekiq processes ... 1


Checking Sidekiq ... Finished


Checking Incoming Email ...


Incoming Email: ... Reply by email is disabled in config/gitlab.yml


Checking Incoming Email ... Finished


Checking LDAP ...


LDAP: ... Server: ldapmain
LDAP authentication... Success
LDAP users with access to your GitLab server (only showing the first 100 results)
User output sanitized. Found 0 users of 100 limit.


Checking LDAP ... Finished


Checking GitLab App ...


Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
1/1 ... yes
7/2 ... yes
7/3 ... yes
7/4 ... yes
7/5 ... yes
7/6 ... yes
7/7 ... yes
7/8 ... yes
7/9 ... yes
7/10 ... yes
8/11 ... yes
8/12 ... yes
8/13 ... yes
8/14 ... yes
1/15 ... yes
7/16 ... yes
1/17 ... yes
6/18 ... yes
1/20 ... yes
1/21 ... yes
1/30 ... yes
1/31 ... yes
1/32 ... yes
1/33 ... yes
1/34 ... yes
14/35 ... yes
17/36 ... yes
1/37 ... yes
1/38 ... yes
27/39 ... yes
29/40 ... yes
30/41 ... yes
32/42 ... yes
34/43 ... yes
36/44 ... yes
38/45 ... yes
40/46 ... yes
42/47 ... yes
44/48 ... yes
45/49 ... yes
47/50 ... yes
49/51 ... yes
51/52 ... yes
53/53 ... yes
1/54 ... yes
1/55 ... yes
1/56 ... yes
1/57 ... yes
55/58 ... yes
1/59 ... yes
Redis version >= 4.0.0? ... yes
Ruby version >= 2.5.3 ? ... yes (2.6.5)
Git version >= 2.22.0 ? ... yes (2.26.2)
Git user has default SSH configuration? ... yes
Active users: ... 8
Is authorized keys file accessible? ... yes
Elasticsearch version 5.6 - 6.x? ... Exception: Connection refused - Connection refused - connect(2) for "127.0.0.1" port 9200 (localhost:9200)


Checking GitLab App ... Finished


Checking GitLab subtasks ... Finished

Possible fixes

  • Let CODEOWNERS merge the MR.
  • Disable CODEOWNERS altogether.

Additional info

Possibly related https://gitlab.com/gitlab-org/gitlab/-/issues/216345 (confidential)

ZD ticket1, ZD ticket2 (internal)

Edited by Rehab