Migrate scan_result_policy_violations callers to approval_policy_rules

What does this MR do and why?

Policy violations are records that track whether a merge request violates a security policy. They are created when evaluation finds a violation, deleted when a policy is removed, and matched when generating bot comments or checking mergeability. All of these operations previously keyed on scan_result_policy_id — meaning they only worked when the scan_result_policies table was populated. With #510281 we are deprecating scan_result_policy_reads, This MR updates the services to use the approval_policy_source adapter.

MR chain

This is part 4 of 4 in the scan_result_policies deprecation chain:

  1. !231013 (merged) — Foundation: ApprovalPolicySource adapter, feature flag, ApprovalRuleLike integration
  2. !231014 (merged) — Service callers: Migrate ~10 services/libs from scan_result_policy_read to approval_policy_source
  3. !231015 (merged) — Project queries: Flag-aware has_approval_policy_rules? and approval_policy_rules_targeting_commits on Project
  4. !231016 (merged) — Violation FK handling (this MR): Flag-gated violation create/delete/match using approval_policy_rule_id

References

#510281

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #510281

Edited by Sashi Kumar Kumaresan

Merge request reports

Loading