Sync approvals required after syncing rules
What does this MR do and why?
Currently, approval rules are synced against the head pipeline on two occasions:
- After a pipeline has been set to complete
- As part of the after create service for MRs
With !92010 (merged), approval rules are refreshed, thus there is a need to reuse the same sync job mentioned above.
TL;DR: This MR adds a call to the existing sync report approvals worker just after the approval rules have been refreshed from the policy project.
How to set up and validate locally
- Create a new project
- Push a new branch and open a merge request with the following:
    include:
      - template: Security/Container-Scanning.gitlab-ci.yml
    variables:
      DOCKER_IMAGE: python:3.4-alpine
- Expectation: After the pipeline has been completed, the approval rule will NOT be present.
- Navigate to Security & Compliance > Policies, click New Policy
- Create a new Scan result policy with:
  - scanners only set to SAST.
  - set the approver to anyone other than the MR author.
- Expectation: After the async job has been run, the merge request will display the approval rule but approval will NOT be required.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Zamir Martins