
Sync approvals required after syncing rules

What does this MR do and why?

Currently, approval rules are synced against the head pipeline on two occasions:

With !92010 (merged), approval rules are refreshed, so there is a need to reuse the same sync job mentioned above.

TL;DR: This MR adds a call to the existing sync report approvals worker just after the approval rules have been refreshed from the policy project.

How to set up and validate locally

  1. Create a new project.
  2. Push a new branch and open a merge request with the following:

         include:
           - template: Security/Container-Scanning.gitlab-ci.yml
         variables:
           DOCKER_IMAGE: python:3.4-alpine

  3. Expectation: After the pipeline has completed, the approval rule will NOT be present.
  4. Navigate to Security & Compliance > Policies and click New Policy.
  5. Create a new Scan result policy with:
    1. Scanners set to SAST only.
    2. The approver set to anyone other than the MR author.
  6. Expectation: After the async job has run, the merge request will display the approval rule, but approval will NOT be required.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Zamir Martins
