
Allow "Pipeline Must Succeed" for security policy projects when CI/CD enabled

Summary

In !162462 (merged) an auto disable was introduced for "Pipeline Must Succeed" for security policy projects.

This causes issues as it prevents using proper validation pipelines on security projects, as the output of the pipeline cannot be used to automatically prevent merge and now relies upon the approver to check that it passed correctly and in full prior to approving it.

Steps to reproduce

  1. Create a security policy using the instructions from the GitLab docs.
  2. Navigate to the newly created project - Security policy project
  3. Navigate to Settings -> Merge Requests -> Merge checks and enable Pipeline Must Succeed
  4. Save the settings and observe the checkbox is disabled after the page is refreshed

What is the current bug behavior?

  • The checkbox does not stay checked and there is no indication in the UI as to why.
  • The API output for only_allow_merge_if_pipeline_succeeds does not match the UI

What is the expected correct behavior?

  • The "Pipeline Must Succeed" setting should default to disabled on security projects but should be enabled if chosen (this prevents the need to manually disable it on new security projects (where CI is off by default), while still allowing flexibility to turn it on if wanted).
  • The API and UI should match

Suggestion

Perhaps it would be better to auto disable the option only_allow_merge_if_pipeline_succeeds if the option jobs_enabled is false.
When jobs_enabled is false, the UI should show a notification near the Pipelines must succeed section to say that it can't be enabled if the CI/CD option is not enabled; perhaps with a quick link to the appropriate setting in the 'General' settings category in the same style as the Skipped pipelines are considered successful, e.g.

image

Note

The company I work for, which this issue is impacting, is a GitLab Ultimate customer.

Possible Fix

Edited by 🤖 GitLab Bot 🤖
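
An added example, not part of the original issue or GitLab's code: a small audit over project settings that flags security policy projects where a validation pipeline can run but cannot block a merge, and that encodes the rule proposed in the Suggestion. The sample records are constructed, the function names are hypothetical, and the list of which projects are security policy projects is assumed to be known to the operator.

```python
import json

# Constructed sample: trimmed GET /projects/:id responses for projects the
# operator already knows to be security policy projects (assumption).
SAMPLE = json.loads("""[
  {"path_with_namespace": "acme/policy-a", "jobs_enabled": true,
   "only_allow_merge_if_pipeline_succeeds": false},
  {"path_with_namespace": "acme/policy-b", "jobs_enabled": true,
   "only_allow_merge_if_pipeline_succeeds": true},
  {"path_with_namespace": "acme/policy-c", "jobs_enabled": false,
   "only_allow_merge_if_pipeline_succeeds": false},
  {"path_with_namespace": "acme/policy-d", "jobs_enabled": false,
   "only_allow_merge_if_pipeline_succeeds": true}
]""")

GATE = "only_allow_merge_if_pipeline_succeeds"

def proposed_gate(requested, jobs_enabled):
    """Rule from the Suggestion: force the gate off only when CI/CD is off."""
    return bool(requested) and bool(jobs_enabled)

def classify(project):
    ci, gate = project.get("jobs_enabled"), project.get(GATE)
    if ci is None or gate is None:
        return "unknown"        # field missing from the response
    if ci and not gate:
        return "ungated"        # pipeline runs but cannot block the merge
    if gate and not ci:
        return "inconsistent"   # gate set although no pipeline can run
    return "ok"

def audit(projects):
    return {p["path_with_namespace"]: classify(p) for p in projects}

def save_was_reverted(requested, project_after_save):
    """Bug symptom: the value asked for differs from what the API reports after saving."""
    return bool(requested) != bool(project_after_save.get(GATE))

if __name__ == "__main__":
    for path, status in audit(SAMPLE).items():
        print(f"{path}: {status}")
```

Projects reported as "ungated" are the ones where merge approval currently depends on the approver checking the pipeline result by hand.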