Disable change default button
What does this MR do and why?
Disable change default option
- for branches that are protected by a security policy
- add popover explaining why it was disabled
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Upload a GitLab Ultimate license
- Enable the feature flags

  ```shell
  echo "Feature.enable(:scan_result_policies_block_unprotecting_branches)" | rails c
  ```
- Go to Project => Settings => Repository => Branch defaults => Make `main` the default branch
- Go to Secure -> Policies -> New policy -> Scan Result Policy
- Go to yaml mode
- Use this policy:

  ```yaml
  type: scan_result_policy
  name: Require approval for vulnerabilities
  description: ''
  enabled: true
  rules:
    - type: scan_finding
      scanners: []
      vulnerabilities_allowed: 0
      severity_levels: []
      vulnerability_states: []
      branch_type: default
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - maintainer
        - developer
  approval_settings:
    block_unprotecting_branches: true
  ```
- Save the policy
- Go to Project => Settings => Repository => Branch defaults
- Verify the default branch cannot be changed and a popover shows up over the button
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #430304 (closed)
Edited by Alexander Turinske