Skip to content

Add prevent approval by author check for GitLab standards adherence

Huzaifa Iftikhar requested to merge 413233_add_prevent_author_approval_check into master

What does this MR do and why?

  1. Add prevent approval by author check to Gitlab standard. This check is executed whenever 'prevent approval by author' merge request approval setting is updated. It creates a row inside the projects_compliance_standards_adherence table storing the current compliance status for the project.
  2. Create a reusable finder class AdherenceFinder to fetch rows from the above table.
  3. Inherit the base class from BaseContainerService to resolve this follow-up comment.

Database

Query 1 
SELECT
    "project_compliance_standards_adherence".*
FROM
    "project_compliance_standards_adherence"
WHERE
    "project_compliance_standards_adherence"."namespace_id" = 6670
    AND "project_compliance_standards_adherence"."project_id" = 278964
    AND "project_compliance_standards_adherence"."check_name" = 0
    AND "project_compliance_standards_adherence"."standard" = 0
ORDER BY
    "project_compliance_standards_adherence"."id" ASC
LIMIT 1

Link to DB lab - https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/19752/commands/64664 We don't have any rows inside projects_compliance_standards_adherence table.

Query 2 
SELECT
    "projects"."id"
FROM
    "projects"
WHERE
    "projects"."namespace_id" IN (
        SELECT
            namespaces.traversal_ids[array_length(namespaces.traversal_ids, 1)] AS id
        FROM
            "namespaces"
        WHERE
            "namespaces"."type" = 'Group'
            AND (traversal_ids @> ('{9970}')))

Link to DB bab - https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/19752/commands/64645

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

Test the project level settings

  1. Ensure that you have a GitLab Ultimate license.
  2. Run Projects::ComplianceStandards::Adherence.count inside rails console and ensure that the count is zero.
  3. Navigate to a project's Settings > Merge requests and then enable 'Prevent approval by author' setting.
  4. Run Projects::ComplianceStandards::Adherence.last inside rails console and ensure that a row with correct attributes for status, check_name, standard is created.
  5. Navigate to a project's Settings > Merge requests and then disable 'Prevent approval by author' setting.
  6. Run Projects::ComplianceStandards::Adherence.last inside rails console and ensure that the status column has been updated to fail from success.

Test the group level settings

  1. Navigate to a group's Settings > General. Expand the 'Merge request approvals' section and then enable 'Prevent approval by author' setting.
  2. Run Projects::ComplianceStandards::Adherence.for_group(<group_id>) inside rails console and ensure that records for all the projects inside that group is is created (including projects inside a sub-groups).
  3. Also ensure that the fields for these rows are correct, the status should be 'success' for all the rows, standard should be 'gitlab' and check_name should be 'prevent_approval_by_merge_request_author'.
  4. Navigate to a group's Settings > General. Expand the 'Merge request approvals' section and then disable 'Prevent approval by author' setting.
  5. Run Projects::ComplianceStandards::Adherence.for_group(<group_id>) inside rails console and verify that the the rows are now compliance as per their project settings.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Closes #413233 (closed)

Edited by Huzaifa Iftikhar

Merge request reports