
Persist approval_settings and any_merge_request rules in policies

What does this MR do and why?

This MR introduces changes so that we start persisting approval_settings and any_merge_request rules from policies in the scan_result_policies table.

Screenshots or screen recordings

scan_result_policies record:

[Screenshot: CleanShot_2023-08-31_at_14.30.29_2x]

approval_project_rules record for any_merge_request rule:

[Screenshot: CleanShot_2023-08-31_at_14.31.38_2x]

How to set up and validate locally

  1. Go to Secure -> Policies
  2. Create a new Scan Result Policy
  3. Switch to the .yaml mode and use the following YAML:
    type: scan_result_policy
    name: Any unsigned MR
    description: ''
    enabled: true
    rules:
      - type: any_merge_request
        branch_type: protected
        commits: unsigned
    actions:
      - type: require_approval
        approvals_required: 1
        user_approvers_ids:
          - 4 # Change to any existing user ID with access to the project
    approval_settings:
      prevent_approval_by_author: true
      prevent_approval_by_commit_author: false
      remove_approvals_with_new_commit: false
      require_password_to_approve: true

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #418752 (closed)

Edited by Martin Čavoj
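
Added example (not code from this MR or from GitLab): a small Ruby lint that reads a policy like the one in the validation steps and reports which approval_settings are left unset or false, so a reviewer can see what the persisted record will and will not enforce. The `audit_policy` helper, the `SETTINGS` explanations and the choice of checks are assumptions of this example; the sample policy is the YAML from the steps above.

```ruby
require "yaml"

# Constructed sample: the policy from the validation steps above.
SAMPLE_POLICY = <<~YAML
  type: scan_result_policy
  name: Any unsigned MR
  description: ''
  enabled: true
  rules:
    - type: any_merge_request
      branch_type: protected
      commits: unsigned
  actions:
    - type: require_approval
      approvals_required: 1
      user_approvers_ids:
        - 4
  approval_settings:
    prevent_approval_by_author: true
    prevent_approval_by_commit_author: false
    remove_approvals_with_new_commit: false
    require_password_to_approve: true
YAML

# Setting names come from the page; the explanations are this example's wording.
SETTINGS = {
  "prevent_approval_by_author" => "the MR author can approve their own MR",
  "prevent_approval_by_commit_author" => "users who added commits can approve",
  "remove_approvals_with_new_commit" => "approvals survive commits pushed later",
  "require_password_to_approve" => "approving needs no re-authentication"
}.freeze

# Hypothetical helper: returns human-readable findings for one policy document.
def audit_policy(yaml_text)
  policy = YAML.safe_load(yaml_text) || {}
  findings = []
  findings << "policy is disabled" unless policy["enabled"] == true
  rules = Array(policy["rules"]).select { |r| r["type"] == "any_merge_request" }
  findings << "no any_merge_request rule" if rules.empty?
  approval = Array(policy["actions"]).find { |a| a["type"] == "require_approval" }
  findings << "no approval is required" unless approval && approval["approvals_required"].to_i >= 1
  settings = policy["approval_settings"] || {}
  SETTINGS.each do |key, gap|
    findings << "#{key} is not true: #{gap}" unless settings[key] == true
  end
  findings
end

puts audit_policy(SAMPLE_POLICY) if $PROGRAM_NAME == __FILE__
```

For the sample policy the lint reports the two settings the YAML sets to false; every other check passes.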
