JWT token payload reflects incorrect branch protection status for merge request pipelines

Problem to solve

When viewing a JWT token payload in a merge request pipeline, the ref_protected value will be false even if the branch is protected.

Steps to reproduce:

  1. Create a new project (main branch should be automatically protected)

  2. Add a branch protection rule, e.g. feature/*

  3. Create a new branch feature/foo that is supposed to run merge request pipelines

  4. Confirm from the API that feature/foo is protected.

  5. Output the JWT token payload and notice that ref_protected is always false for the merge request event pipeline source.
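An added example (not part of the original issue or GitLab's code) for steps 4 and 5: it decodes the payload of a job JWT for inspection and compares ref_protected with the protection status obtained from the API. The sample token, the helper names and the assumption that ref_protected may arrive as the string "true"/"false" are constructed for illustration.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_payload(token: str) -> dict:
    """Decode the claims of a compact JWT WITHOUT verifying the signature.
    For inspecting a job's own token only, never for authorization."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments")
    seg = parts[1]
    seg += "=" * (-len(seg) % 4)  # restore the padding base64url strips
    return json.loads(base64.urlsafe_b64decode(seg))


def as_bool(value) -> bool:
    # Assumption: the claim may be a JSON boolean or the string "true"/"false".
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def check_ref_protected(token: str, api_says_protected: bool) -> dict:
    """Compare the token's ref_protected claim with what the API reported."""
    claims = decode_payload(token)
    claimed = as_bool(claims.get("ref_protected", False))
    return {
        "pipeline_source": claims.get("pipeline_source"),
        "ref": claims.get("ref"),
        "ref_protected": claimed,
        "mismatch": claimed != api_says_protected,
    }


def make_sample_token(claims: dict) -> str:
    # Constructed token with a placeholder signature; it is never verified here.
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.constructed-signature"


# Constructed claims mirroring the report: protected branch, MR pipeline.
SAMPLE = make_sample_token({"ref": "feature/foo", "ref_type": "branch",
                            "ref_protected": "false",
                            "pipeline_source": "merge_request_event"})

if __name__ == "__main__":
    print(check_ref_protected(SAMPLE, api_says_protected=True))
```

A relying party that gates access on ref_protected would reject such a token even though the branch is protected, so the mismatch shows up as unexpected authorization failures in merge request pipelines.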

Solution

Ensure that the JWT payload accurately reflects the protection status of a branch in an MR pipeline.

Edited by 🤖 GitLab Bot 🤖