Add an avatar to existing security policy bots
What does this MR do and why?
The `security_policy_bot` users can only be identified by name. They don't have a specific avatar. An avatar would make it easier to identify the `security_policy_bot` users.
The MR !145423 (merged) updated our code to create `security_policy_bot` with the `security-bot` avatar. The MR !145423 (merged) added the avatar to new `security_policy_bot` users. However, we also want to update the existing `security_policy_bot` users.
This MR adds a background migration to update the avatar image of existing security policy bot users.
Migration up
main: == 20240227142953 QueueUpdateSecurityPolicyBotAvatar: migrating ===============
main: == 20240227142953 QueueUpdateSecurityPolicyBotAvatar: migrated (0.0276s) ======
Migration down
main: == 20240227142953 QueueUpdateSecurityPolicyBotAvatar: reverting ===============
main: == 20240227142953 QueueUpdateSecurityPolicyBotAvatar: reverted (0.0366s) ======
Related to: #421386
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
If you already have a project with a security policy, you should have a `security_policy_bot` user without an avatar. If that is the case, just run the migration and check if the migration updated the bot with the `security-bot` avatar.
If you don't have a project with a security policy, follow the steps below:
- Create a new project
- Go to Secure > Policies
- Click on New policy
- Select Merge request approval policy
- Change to .yaml mode
- Copy the YAML below:

  ```yaml
  type: approval_policy
  name: a
  description: ''
  enabled: true
  rules:
    - type: license_finding
      match_on_inclusion: true
      license_types:
        - 3dfx Glide License
      license_states:
        - newly_detected
      branch_type: protected
  actions:
    - type: require_approval
      approvals_required: 1
      role_approvers:
        - owner
  approval_settings:
    block_branch_modification: true
    prevent_pushing_and_force_pushing: true
  ```

- Click on Configure with a merge request
- Merge the new MR to add the policy
- After our work in !145423 (merged), the policy bots are created with an avatar. To test this migration, we need to delete the avatar with the command below in the rails console:

  ```ruby
  User.where(user_type: :security_policy_bot).last.update_column(:avatar, nil)
  ```

- Go to Manage > Members and verify the GitLab Security Policy bot does not have the `security-bot` avatar
- Run the `QueueUpdateSecurityPolicyBotAvatar` migration
- Go to Admin > Monitoring > Background Migrations and wait for the migration to finish
- Go to Manage > Members and verify the GitLab Security Policy bot was updated with the `security-bot` avatar.