Draft: Fix approval policy effects on protected branches (!149991) · Merge requests · GitLab.org / GitLab

Dominic Bauer requested to merge 456499-settings-for-merge-request-approval-policy-with-multiple-rules-not-being-properly-enforced into master Apr 18, 2024

What does this MR do and why?

TODO

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before

After

How to set up and validate locally

Create a new group and a contained project
On the project level:
- Navigate to Settings > Repository and create the following branch protections:
  - test-123
  - develop
  - foo*
  - foobar
On the group level:
- Navigate to Security > Policies and create the following MR approval policy:

type: approval_policy
name: Block protected branches
enabled: true
rules:
  - type: any_merge_request
    branches: [test-*]
    commits: any
  - type: any_merge_request
    branches: [develop]
    commits: any
  - type: any_merge_request
    branches: [foo*]
    commits: any
actions:
  - type: require_approval
    approvals_required: 1
    role_approvers: [owner]
approval_settings:
  block_branch_modification: true
  prevent_pushing_and_force_pushing: true

On the project level, navigate to Settings > Repository and verify that none of the previously created protections can be removed.

Related to #456499

Edited Apr 18, 2024 by Dominic Bauer

Draft: Fix approval policy effects on protected branches