Migrate scan_result_policy_violations callers to approval_policy_rules
What does this MR do and why?
Policy violations are records that track whether a merge request violates a security policy. They are created when evaluation finds a violation, deleted when a policy is removed, and matched when generating bot comments or checking mergeability. All of these operations previously keyed on scan_result_policy_id — meaning they only worked when the scan_result_policies table was populated. With #510281 we are deprecating scan_result_policy_reads, This MR updates the services to use the approval_policy_source adapter.
MR chain
This is part 4 of 4 in the scan_result_policies deprecation chain:
- !231013 (merged) — Foundation:
ApprovalPolicySourceadapter, feature flag,ApprovalRuleLikeintegration - !231014 (merged) — Service callers: Migrate ~10 services/libs from
scan_result_policy_readtoapproval_policy_source - !231015 (merged) — Project queries: Flag-aware
has_approval_policy_rules?andapproval_policy_rules_targeting_commitson Project - !231016 (merged) — Violation FK handling (this MR): Flag-gated violation create/delete/match using
approval_policy_rule_id
References
Screenshots or screen recordings
| Before | After |
|---|---|
How to set up and validate locally
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #510281