Group-level protected branch does not apply configuration to projects in the group
Summary
Protected branch configuration inherited from Group-level protected branches do not apply. The protected branch appears for the projects in the group, but the configuration is not applied.
If we add a Project-level protected branch with the same configuration as the Group-level protected branch, the configuration has the intended effect. It's as if the Group-level protected branch configuration is not used.
Customer has reported this behaviour, and was reproduced by GitLab Support in v16.4.1. This bug has also been confirmed by GitLab Support to impact v16.7.
Steps to reproduce
- Install v16.7 GitLab (I did with the official Docker image)
- Enable FF
:group_protected_branches
- Create a group
- Create a group-level protected branch for
main
, withDevelopers + Maintainers
andInstance Admins
asAllowed to Merge
, andNo-one
forAllowed to push and merge
- Create a project in the group
- As group and project owner, create a new branch from
main
- Add changes to the new branch, create an MR
- Attempt to merge
Example Project
What is the current bug behavior?
Message appears Ready to merge by members who can write to the target branch
, and the user's avatar appears with the tooltip Cannot merge
What is the expected correct behavior?
The user can merge based on the Group-level protected branch configuration
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)