Skip to content

Add errors into detailed policy bot comment

Martin Čavoj requested to merge 433403-extend-policy-bot-comment-with-violation-data-4 into master

What does this MR do and why?

This MR adds policy evaluation errors into detailed policy bot comment.

Depends on !147561 (merged).

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Missing artifacts (CI misconfiguration) Scan removed Recording
CleanShot_2024-03-25_at_18.47.02_2x CleanShot_2024-03-25_at_18.53.59_2x CleanShot_2024-03-25_at_18.48.35

How to set up and validate locally

  1. Create a project
  2. Enable feature flag in rails console: 
    Feature.enable(:save_policy_violation_data, Project.last)
  3. Go to Secure -> Policies and create a new Merge request approval policy with the following YAML: 
    type: approval_policy
name: Sec & Lic
description: ''
enabled: true
rules:
  - type: scan_finding
    scanners: []
    vulnerabilities_allowed: 0
    severity_levels: []
    vulnerability_states: []
    branch_type: protected
  - type: license_finding
    match_on_inclusion: true
    license_types:
      - BSD 3-Clause "New" or "Revised" License
    license_states:
      - newly_detected
    branch_type: protected
actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
      - developer
  4. Configure with merge request & merge
  5. Go back to the project and update README.md in a new MR
  6. Verify that bot comment is created and includes two errors, mentioning missing artifacts.

Related to #433403 (closed)

Edited by Martin Čavoj

Merge request reports