BE: Update merge request approval policy violation detection and mergeability checks for warn mode

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Why are we doing this work

This backend implementation updates the merge request approval policy violation detection and mergeability checks to properly handle warn mode policies and dismissed findings. When policies are in warn mode, merge requests should be allowed to proceed even with violations, but the system needs to track these violations and respect dismissals made by developers.

This builds on the dismissal service layer and ensures that the merge request workflow correctly handles both warn and enforce modes.

Relevant links

• Epic: &15552
• Related issue: #549766 (closed)
• Service dependency: #561887 (closed)
• Infrastructure dependency: #561886 (closed)
• Schema dependency: #561885 (closed)

Implementation

• Update merge request approval policy violation logic to handle dismissed findings
• Modify mergeability checks to consider warn mode and dismissals when determining merge eligibility
• Update scan result policy violation data to include dismissal metadata
• Enhance MR widget data to include information about dismissals and warn mode status
• Update policy violation detection to differentiate between warn and enforce modes
• Ensure proper handling of mixed policy scenarios (some warn, some enforce)

Technical notes

• Mergeability checks must distinguish between warn and enforce mode violations
• Dismissed findings should not block merge requests in either mode
• MR widget needs dismissal summary data for frontend display
• Policy violation queries must be optimized for performance with dismissal joins
• Backward compatibility with existing policy violation logic
• Proper handling of edge cases like policy mode changes during MR lifecycle
• Integration with existing approval rule and mergeability check infrastructure

Validation Steps

• Merge requests with warn mode violations can proceed without blocking
• Dismissed findings do not prevent merge in either warn or enforce mode
• Enforce mode violations still block merge requests as expected
• MR widget displays accurate dismissal and violation status information
• Mixed policy scenarios handled correctly (some policies warn, others enforce)
• Performance remains acceptable with dismissal metadata queries
• Existing mergeability check functionality unaffected
• Policy mode changes during MR lifecycle handled gracefully