Use latest completed pipeline in target branch for scan result policy comparison
Description
MR approvals from scan result policies are applied after the pipeline in the MR is complete. The security findings are compared between the latest pipeline in MR and the latest pipeline in the target branch of the MR. But if the latest pipeline in the target branch is in running
state, the security findings would not be generated and if that pipeline is considered for the comparison, the MR might require approvals and it would happen inconsistently.
Proposal
Instead of taking the latest pipeline in the target branch, take the latest completed pipeline in the target branch. This would make sure that the security findings are present for the target branch and the comparison would happen without any errors.
Implementation Plan
-
backend Create new method in ee/app/models/ee/merge_request.rb
to get the latest completed pipeline for a given branch
Edited by Sashi Kumar Kumaresan