Approval required for all protected branches if the listed branches in the rule do not exist.
Summary
Approval is required for all protected branches if the protected branches listed in the rule (at group level) don't exist in the project.

    rules:
      - type: any_merge_request
        commits: any
        branches:
          - prod
          - production
(There are no prod and production branches in the project)
Steps to reproduce
1- Project has no branches named prod or production and has the following branches:
- branch02: unprotected
- dev: default and protected
- main: protected
2- Create a Merge Approval policy at group level that requires MR approval only for branches named prod and production:

    approval_policy:
      - name: Approvals
        description: >-
          Require at least one approval from The Team.
        enabled: true
        actions:
          - type: require_approval
            approvals_required: 1
          - type: send_bot_message
            enabled: true
        rules:
          - type: any_merge_request
            commits: any
            branches:
              - prod
              - production
        approval_settings:
          block_branch_modification: false
          block_group_branch_modification: false
          prevent_pushing_and_force_pushing: false
          prevent_approval_by_author: false
          prevent_approval_by_commit_author: false
          remove_approvals_with_new_commit: false
          require_password_to_approve: false
        policy_scope:
          projects:
            excluding: []
        fallback_behavior:
          fail: closed
3- You will need approval for merge requests from branch02 to dev or from branch02 to main. We expect no approval at all.
Example Project
https://gitlab.com/sbouly_ultimate_group/policyscopetest/project03/-/merge_requests
What is the current bug behavior?
Approval required on all protected branches
What is the expected correct behavior?
No approval required
Workaround
Workaround 1: Add branch exceptions to the policy:

    branch_exceptions:
      - name: dev

Workaround 2: Add the branches listed in the policy (here prod and production) to the project.
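
To find projects in a group that meet the condition described in this report, the check below flags any rule whose listed branches are all absent from a project and lists the protected branches that would then require approval. It is an added example, not GitLab code: it models the behaviour as reported, and the function name, the dict shapes, the fnmatch-style pattern comparison and the placement of `branch_exceptions` inside the rule are assumptions.

```python
from fnmatch import fnmatchcase


def audit_rule_branches(policy, project_branches):
    """Return one finding per rule whose listed branches are all absent.

    policy: one approval_policy entry as a dict.
    project_branches: {branch_name: is_protected} for a single project.
    """
    findings = []
    for rule in policy.get("rules", []):
        listed = rule.get("branches", [])
        # Assumption: patterns are compared fnmatch-style against branch names.
        if not listed or any(
            fnmatchcase(b, p) for p in listed for b in project_branches
        ):
            continue  # at least one listed branch exists: not the reported case
        # Assumption: branch_exceptions sits in the rule; entries are
        # {"name": ...} dicts or plain strings.
        excepted = {
            e["name"] if isinstance(e, dict) else e
            for e in rule.get("branch_exceptions", [])
        }
        findings.append({
            "missing": list(listed),
            # Per the report, every protected branch then requires approval.
            "unexpected_approval_on": sorted(
                b for b, protected in project_branches.items()
                if protected and b not in excepted
            ),
        })
    return findings


# Constructed inputs mirroring the policy rule and branches in this report.
POLICY = {"name": "Approvals", "rules": [
    {"type": "any_merge_request", "commits": "any",
     "branches": ["prod", "production"]},
]}
BRANCHES = {"branch02": False, "dev": True, "main": True}

if __name__ == "__main__":
    for finding in audit_rule_branches(POLICY, BRANCHES):
        print(finding)
```

An empty result means at least one listed branch exists in the project, which is the state Workaround 2 produces.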