Sync security policies when protected branch is created or destroyed
What does this MR do and why?
This MR adds event handlers to handle the creation and deletion of a protected branch for a project or a group.
Currently when a protected branch is created or destroyed, we call Security::ProcessScanResultPolicyWorker for all the projects in the group (if the protected branch is for the group) in the same request action (without a background job). This MR updates it by publishing an event and handling the event asynchronously.
With Use database read model for merge request appr... (&9971 - closed), we started reading the security policies from the database instead of from the git repository. We also have the use_approval_policy_rules_for_approval_rules feature flag to read the approval rules from the read model. This MR also updates the logic to read from the read model to verify whether the created/deleted protected branch is referenced in the policy and needs a resync.
References
Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
- Addresses #499432 (closed)
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- Follow !175448 (merged)