FE: Update bot comment on MR for warn mode
Why are we doing this work
When a policy is created that has a warn mode, the bot comment message produced by it should guide the developer as to what the next steps are
Relevant links
Considering the backend requirements, perhaps there's a short-term solution for this aspect, such as a link to the policy with some simple language for developers to find the policy owners? We can then fill that in with a follow-up backend / frontend task to populate the details?
Another consideration: maybe we wouldn't want to list every individual if the policy requires approval from a given role, or if a group has many members; that could make the comment extremely long :thinking:
Current design states:
> The following policies are triggered by the merge request:
Maybe we can say something more like:
> Review the following policies to understand requirements and identify policy owners for support:
>
> * Policy 1
> * Policy 2
Non-functional requirements
- Documentation:
- Feature flag:
- Performance:
- Testing:
Implementation plan
- Update `ee/lib/security/scan_result_policies/policy_violation_comment.rb`
- Add a disclaimer about not having access to the policy link
- Improve the warn mode bot comment so that a policy is removed from the "Resolve all violations.." and "Acquire approvals…" sections when those sections would be empty
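As an added illustration of the plan above (example code, not GitLab's own `policy_violation_comment.rb`), the following Ruby builds a warn-mode comment in Markdown using the proposed "Review the following policies..." wording. It links each policy, appends a single disclaimer when a policy has no link the reader can access, and omits the "Resolve all violations" and "Acquire approvals" sections entirely when no policy contributes an entry. The `Policy` struct, the section titles and the disclaimer text are assumptions made for this example.

```ruby
# Added example, not GitLab's code: hypothetical builder for the warn-mode bot comment.
Policy = Struct.new(:name, :url, :violations, :approvals_needed, keyword_init: true)

WARN_MODE_INTRO = 'Review the following policies to understand requirements ' \
                  'and identify policy owners for support:'
# Assumed disclaimer wording for policies whose link is not accessible to the reader.
NO_LINK_DISCLAIMER = 'Some policies are not linked because you do not have access ' \
                     'to the policy project. Ask a maintainer to identify the policy owners.'

# Lead section: always present in warn mode. Policies without an accessible URL
# are listed by name only, and the disclaimer is appended once at most.
def policy_list_section(policies)
  lines = [WARN_MODE_INTRO, '']
  policies.each do |policy|
    lines << (policy.url ? "* [#{policy.name}](#{policy.url})" : "* #{policy.name}")
  end
  lines << '' << "_#{NO_LINK_DISCLAIMER}_" if policies.any? { |p| p.url.nil? }
  lines
end

# Generic optional section: returns an empty array (section omitted) when no
# policy contributes an item, so an empty heading never reaches the comment.
def optional_section(title, policies, &items_for)
  entries = policies.flat_map do |p|
    items_for.call(p).map { |item| "* #{p.name}: #{item}" }
  end
  return [] if entries.empty?

  ['', "**#{title}**", ''] + entries
end

def violations_section(policies)
  optional_section('Resolve all violations before merging:', policies, &:violations)
end

def approvals_section(policies)
  optional_section('Acquire approvals from:', policies, &:approvals_needed)
end

def warn_mode_comment(policies)
  (policy_list_section(policies) +
   violations_section(policies) +
   approvals_section(policies)).join("\n")
end

# Constructed sample data (not real policies or URLs) for a stand-alone run.
def sample_policies
  [
    Policy.new(name: 'Block critical findings',
               url: 'https://gitlab.example/policies/block-critical',
               violations: ['critical: 1 new finding'], approvals_needed: []),
    Policy.new(name: 'Security review required', url: nil,
               violations: [], approvals_needed: ['security-team role'])
  ]
end

puts warn_mode_comment(sample_policies) if $PROGRAM_NAME == __FILE__
```

Running the file prints the comment for the two constructed policies: the first is linked and appears under the violations section, the second has no link (so the disclaimer is added) and appears under the approvals section. A policy set with neither violations nor pending approvals produces only the policy list.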
Verification steps
- Upload a GitLab Ultimate license
- Enable the feature flag:
  ```shell
  echo "Feature.enable(:security_policy_approval_warn_mode)" | rails c
  ```
- Navigate to a project/group => Secure => Policies => New policy => Merge request approval policy
- Create a policy with warn mode
- Create an MR on the project that triggers the policy with warn mode
- Verify the bot comment appears on the MR
Edited by Alexander Turinske
