Policy branch rules configured to require approval only on release/production are requiring approval on release/staging

Summary

Reported in US gov ticket 12008, the policy rules are not being properly honored. When targeting release/production, approvals are incorrectly required on policies targeting the release/staging branch.

Steps to reproduce

  1. Use the following policy.yml config:

```yaml
approval_policy:
  - name: production_approval
    description: Get approval for release to production
    enabled: true
    actions:
      - type: require_approval
        approvals_required: 1
        group_approvers_ids:
          - 1234657
      - type: send_bot_message
        enabled: true
    rules:
      - type: any_merge_request
        commits: any
        branches:
          - release/production
    approval_settings:
      block_branch_modification: true
      prevent_pushing_and_force_pushing: true
      prevent_approval_by_author: true
      prevent_approval_by_commit_author: true
      remove_approvals_with_new_commit: true
      require_password_to_approve: false
    fallback_behavior:
      fail: closed
```

  2. Observe that MR to the release/staging branch is blocked by my production_approval rule in spite of the rule targeting release/production only.

Example Project

What is the current bug behavior?

What is the expected correct behavior?

Relevant logs and/or screenshots

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info

(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`)

(For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)

Results of GitLab application Check

Expand for output related to the GitLab application check

(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:check SANITIZE=true`)

(For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true`)

(we will only investigate if the tests are passing)

Possible fixes

Edited by 🤖 GitLab Bot 🤖