
Fix duplicate license_scanning approval rule in MR approvals

Sashi Kumar Kumaresan requested to merge sk/420335-fix-duplicate-rules into master

What does this MR do and why?

Addresses #420335 (closed)

This MR fixes a bug in MR approvals where the approval rules are duplicated when a scan result policy is configured with both the license_scanning and scan_finding report types.

Since both rules have the same approvers, showing two entries in the approval rules section makes little sense, so merging them into a single rule is more intuitive.

Screenshots or screen recordings

Before / After: screenshots of the MR approval rules section (Screenshot_2023-08-22_at_9.21.50_PM, Screenshot_2023-08-22_at_9.20.04_PM)

How to set up and validate locally

  1. Create a scan result policy that contains both license_finding and scan_finding rules in the same policy:

```yaml
type: scan_result_policy
name: Scan Result Policy rule
description: ''
enabled: true
rules:
  - type: license_finding
    match_on_inclusion: true
    license_types:
      - GNU General Public License v2.0 or later
      - GNU Affero General Public License v3.0
    license_states:
      - newly_detected
    branches:
      - main
  - type: scan_finding
    scanners:
      - dependency_scanning
      - dast
      - sast
    vulnerabilities_allowed: 0
    severity_levels:
      - critical
    vulnerability_states:
      - newly_detected
    branches:
      - main
actions:
  - type: require_approval
    approvals_required: 1
    group_approvers_ids:
      - 22
```

  2. Create an MR with some random changes and check in the approvals section that the rules are not duplicated.
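To make the expected outcome of the validation steps concrete, here is an added illustration (not GitLab's own code) of the merge this MR describes: it builds one approval-rule entry per policy rule, then collapses entries from the same policy that share approvers and the required approval count into a single entry listing both report types. The policy YAML is the sample from the steps above, trimmed to the fields the example reads; the `expected_approval_rules` and `merge_duplicate_rules` names are assumptions of this example.

```ruby
require 'yaml'

# Constructed sample: the scan result policy from the validation steps above,
# trimmed to the fields this example actually reads.
POLICY_YAML = <<~YAML
  type: scan_result_policy
  name: Scan Result Policy rule
  rules:
    - type: license_finding
      license_states: [newly_detected]
      branches: [main]
    - type: scan_finding
      scanners: [dependency_scanning, dast, sast]
      vulnerabilities_allowed: 0
      branches: [main]
  actions:
    - type: require_approval
      approvals_required: 1
      group_approvers_ids: [22]
YAML

# One approval-rule entry per (policy rule, require_approval action):
# this is the duplicated "before" state from the screenshots.
def per_rule_entries(policy)
  actions = policy.fetch('actions', []).select { |a| a['type'] == 'require_approval' }
  policy.fetch('rules', []).flat_map do |rule|
    actions.map do |action|
      { name: policy['name'],
        report_types: [rule['type']],
        approvals_required: action['approvals_required'],
        group_approvers_ids: Array(action['group_approvers_ids']).sort,
        user_approvers_ids: Array(action['user_approvers_ids']).sort }
    end
  end
end

# Merge entries that are identical apart from their report type, keeping the
# union of report types; entries with different approvers stay separate.
def merge_duplicate_rules(entries)
  entries.group_by { |e| e.reject { |k, _| k == :report_types } }
         .map { |key, group| key.merge(report_types: group.flat_map { |e| e[:report_types] }.uniq) }
end

# Approval rules an MR should show for the given policy YAML ("after" state).
def expected_approval_rules(yaml_text)
  merge_duplicate_rules(per_rule_entries(YAML.safe_load(yaml_text)))
end

expected_approval_rules(POLICY_YAML).each { |r| puts r.inspect } if __FILE__ == $PROGRAM_NAME
```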

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Sashi Kumar Kumaresan
