MR approval policy widget does not update with pipeline findings without page refresh
Summary
The merge request approval widget does not update to reflect merge requests can be merged when the merge request pipeline has finished. The page requires a refresh for the widget to update and allow merge.
Reported in customer ticket:
Steps to reproduce
- Create a new project
- Add security job to MR pipelines:
include:
- template: Jobs/Secret-Detection.latest.gitlab-ci.yml- Create new MR approval policy:
---
approval_policy:
- name: no secrets
description: demo
enabled: true
rules:
- type: scan_finding
scanners: []
vulnerabilities_allowed: 0
severity_levels: []
vulnerability_states: []
branch_type: protected
actions:
- type: require_approval
approvals_required: 1
user_approvers_ids:
- 26618947
- type: send_bot_message
enabled: true
approval_settings:
block_branch_modification: false
prevent_pushing_and_force_pushing: false
prevent_approval_by_author: false
prevent_approval_by_commit_author: false
remove_approvals_with_new_commit: false
require_password_to_approve: false
fallback_behavior:
fail: closed- Create new branch
- Commit a change with no secrets/vulnerabilities
- Create new merge request
- Wait for merge request pipeline to finish, and observe MR approval widget remains blocked until page is refreshed
Screenshots
After browser refresh:
What is the current bug behavior?
Widget remains blocked indefinitely (I waited a 10 minutes period) after pipeline verifies there are no secrets and merge requires no approval.
What is the expected correct behavior?
When the pipeline completes, the widget should update along with the others to reflect no approvals are required.
Output of checks
This bug happens on GitLab Self-Managed 17.8.2, 17.9.0
Possible fixes
Edited by Danny Bailey