
Add an avatar to existing security policy bots

What does this MR do and why?

The security_policy_bot users can only be identified by name. They don't have a specific avatar. An avatar would make it easier to identify the security_policy_bot users.

The MR !145423 (merged) updated our code so that new security_policy_bot users are created with the security-bot avatar. However, we also want to update the existing security_policy_bot users, which were created before that change and still have no avatar.

This MR adds a background migration to update the avatar image to existing security policy bot users.

Migration up

main: == 20240227142953 QueueUpdateSecurityPolicyBotAvatar: migrating ===============
main: == 20240227142953 QueueUpdateSecurityPolicyBotAvatar: migrated (0.0276s) ======

Migration down

main: == 20240227142953 QueueUpdateSecurityPolicyBotAvatar: reverting ===============
main: == 20240227142953 QueueUpdateSecurityPolicyBotAvatar: reverted (0.0366s) ======

Related to: #421386

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before: Screenshot_2024-02-23_at_5.35.24_PM
After: Screenshot_2024-02-23_at_5.35.17_PM

How to set up and validate locally

If you already have a project with a security policy, you should have a security_policy_bot user without an avatar. If that is the case, just run the migration and check whether it updated the bot with the security-bot avatar.

If you don't have a project with a security policy, follow the steps below:

  1. Create a new project
  2. Go to Secure > Policies
  3. Click on New policy
  4. Select Merge request approval policy
  5. Change to .yaml mode
  6. Copy the yaml below:

     type: approval_policy
     name: a
     description: ''
     enabled: true
     rules:
       - type: license_finding
         match_on_inclusion: true
         license_types:
           - 3dfx Glide License
         license_states:
           - newly_detected
         branch_type: protected
     actions:
       - type: require_approval
         approvals_required: 1
         role_approvers:
           - owner
     approval_settings:
       block_branch_modification: true
       prevent_pushing_and_force_pushing: true

  7. Click on Configure with a merge request
  8. Merge the new MR to add the policy
  9. After our work in !145423 (merged), the policy bots are created with an avatar. To test this migration, we need to delete the avatar with the command below in the rails console:

     User.where(user_type: :security_policy_bot).last.update_column(:avatar, nil)

  10. Go to Manage > Members and verify the GitLab Security Policy bot does not have the security-bot avatar
  11. Run the QueueUpdateSecurityPolicyBotAvatar migration
  12. Go to Admin > Monitoring > Background Migrations and wait for the migration to finish
  13. Go to Manage > Members and verify the GitLab Security Policy bot was updated with the security-bot avatar.


Edited by Marcos Rocha
