Add prevent approval by committer check for GitLab standards adherence

What does this MR do and why?

  1. Add prevent approval by committer check to the GitLab standard. This check is executed whenever the 'prevent approval by committer' merge request approval setting is updated. It creates a row inside the projects_compliance_standards_adherence table storing the current compliance status for the project.
  2. Create group_base_worker.rb and base_worker.rb and inherit new and existing workers inside compliance_management/standards/gitlab from it.
  3. Move a lot of reusable code to the compliance_management/standards/gitlab/base_service.rb and inherit the other services inside ee/app/services/compliance_management/standards/gitlab/ from it.

How to set up and validate locally

Test the project level settings

  1. Ensure that you have a GitLab Ultimate license.
  2. Enable the feature flag: Feature.enable(:compliance_adherence_report)
  3. Run Projects::ComplianceStandards::Adherence.for_check_name(:prevent_approval_by_merge_request_committers).count inside rails console and ensure that the count is zero.
  4. Navigate to a project's Settings > Merge requests and then enable 'Prevent approvals by users who add commits' setting.
  5. Run Projects::ComplianceStandards::Adherence.last inside rails console and ensure that a row with correct attributes for status, check_name, standard is created.
  6. Navigate to a project's Settings > Merge requests and then disable 'Prevent approvals by users who add commits' setting.
  7. Run Projects::ComplianceStandards::Adherence.last inside rails console and ensure that the status column has been updated to fail from success.

Test the group level settings

  1. Navigate to a group's Settings > General. Expand the 'Merge request approvals' section and then enable 'Prevent approvals by users who add commits' setting.
  2. Run Projects::ComplianceStandards::Adherence.for_check_name(:prevent_approval_by_merge_request_committers).for_group(<group_id>) inside rails console and ensure that records for all the projects inside that group are created (including projects inside sub-groups).
  3. Also ensure that the fields for these rows are correct, the status should be 'success' for all the rows, standard should be 'gitlab' and check_name should be 'prevent_approval_by_merge_request_committers'.
  4. Navigate to a group's Settings > General. Expand the 'Merge request approvals' section and then disable 'Prevent approvals by users who add commits' setting.
  5. Run Projects::ComplianceStandards::Adherence.for_check_name(:prevent_approval_by_merge_request_committers).for_group(<group_id>) inside rails console and verify that the rows have status as per their project settings.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Closes #413234 (closed)

Edited by Huzaifa Iftikhar
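
The status transitions that the project-level and group-level validation steps above look for, as an added Ruby example that is not code from this merge request or from GitLab. Group, Project, AdherenceStore and build_sample are hypothetical stand-ins, and the model assumes a project passes the check when its own setting or the setting of an enclosing group is enabled.

```ruby
# Added illustration: simplified in-memory model, not GitLab's implementation.
# Group, Project and AdherenceStore are hypothetical stand-ins.
CHECK = :prevent_approval_by_merge_request_committers
STANDARD = :gitlab

Group = Struct.new(:name, :parent, :prevent_committer_approval) do
  def self_and_ancestors
    parent ? [self] + parent.self_and_ancestors : [self]
  end

  # Assumption: a setting enabled on a group also covers its sub-groups.
  def enforces_check?
    self_and_ancestors.any?(&:prevent_committer_approval)
  end
end

Project = Struct.new(:name, :group, :prevent_committer_approval)

class AdherenceStore
  attr_reader :rows

  def initialize
    @rows = {}
  end

  # One row per (project, standard, check); re-evaluation updates it in place.
  def evaluate(project)
    ok = project.prevent_committer_approval || project.group.enforces_check?
    @rows[[project.name, STANDARD, CHECK]] = ok ? :success : :fail
  end

  # Group-level change: re-check every project under the group, sub-groups included.
  def evaluate_group(group, projects)
    projects.select { |p| p.group.self_and_ancestors.any? { |g| g.equal?(group) } }
            .each { |p| evaluate(p) }
  end

  def status(project)
    @rows[[project.name, STANDARD, CHECK]]
  end
end

# Constructed sample data: project "api" has the setting on, "web" (in a sub-group) off.
def build_sample
  root = Group.new("root", nil, false)
  sub = Group.new("sub", root, false)
  [root, [Project.new("api", root, true), Project.new("web", sub, false)], AdherenceStore.new]
end
```

Toggling `prevent_committer_approval` on the root group and calling `evaluate_group` again flips the "web" row between success and fail while the row count stays at one per project.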