Fix `branch_exceptions` for `branch_type: protected` (!128235) · Merge requests · GitLab.org / GitLab

Dominic Bauer requested to merge 418741-be-add-support-for-branch-exceptions-for-scan-execution-policies-and-scan-result-policies-2 into master Aug 02, 2023

What does this MR do and why?

Fixes a bug in !126963 (merged) where branch_exceptions are not correctly applied in the case of branch_type: protected.

How to set up and validate locally

Create a new project
Enable the security_policies_branch_exceptions feature flag for the project
Create the develop branch based off main
Protect the develop branch
Create the following scan result policy for the project:

type: scan_result_policy
name: Container Scanning
description: ''
enabled: true
rules:
- type: scan_finding
  scanners:
  - container_scanning
  vulnerabilities_allowed: 0
  severity_levels: []
  vulnerability_states: []
  branch_type: protected
  branch_exceptions: [develop]
actions:
- type: require_approval
  approvals_required: 1
  group_approvers_ids:
  - 64024513

Open MRs targeting main/develop and verify only the MR targeting main requires approval

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #418741 (closed)

Fix `branch_exceptions` for `branch_type: protected`

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports