Race condition: MR merged without code suggestion changes when using auto-merge (#584842) · Issues · GitLab.org / GitLab

Race condition: MR merged without code suggestion changes when using auto-merge

<details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=584842) </details>  ## Summary When applying a code suggestion to a merge request that has auto-merge enabled, a race condition can occur where the MR is merged immediately without the suggested changes being applied. The new commit with the suggestion is created in the source branch, but the merged code differs from what was displayed in the MR. ## Steps to Reproduce 1. Create a merge request 2. Enable auto-merge on the MR 3. Wait for the pipeline to complete and turn green 4. Add a code suggestion to the MR 5. Approve the MR 6. Click "Apply suggestion" ## Current Behavior - The MR gets merged immediately without the suggested changes being applied - A new commit with the suggestion appears in the source branch - The code that was actually merged differs from what was shown in the MR before merge - This creates a discrepancy between what reviewers approved and what was merged ## Expected Behavior - When a code suggestion is applied to an MR with auto-merge enabled, one of the following should occur: - The auto-merge should be cancelled or postponed until the new commit's pipeline completes - The suggestion should be applied before the auto-merge is triggered - The system should prevent applying suggestions while auto-merge is pending ## Environment Details - **Feature**: Code Suggestions + Auto-merge - **Affected Components**: Merge Requests, Code Suggestions, Auto-merge - **Deployment Type**: GitLab Self-Managed 18.5.2 <details> <summary>gitlab-rake gitlab:env:info</summary> ``` System information System: Ubuntu 22.04 Proxy: no Current User: git Using RVM: no Ruby Version: 3.2.8 Gem Version: 3.7.1 Bundler Version:2.7.1 Rake Version: 13.0.6 Redis Version: 7.2.11 Sidekiq Version:7.3.9 Go Version: unknown GitLab information Version: 18.5.2-ee+1_51_0_23ca0768_nb Revision: 944ce243d98 Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: PostgreSQL DB Version: 16.10 URL: https://gitlab.testing.nebius.dev HTTP Clone URL: https://gitlab.testing.nebius.dev/some-group/some-project.git SSH Clone URL: git@gitlab.testing.nebius.dev:some-group/some-project.git Elasticsearch: no Geo: yes Geo node: Primary Using LDAP: no Using Omniauth: yes Omniauth Providers: azure_activedirectory_v2 GitLab Shell Version: 14.45.3 Repository storages: - default: unix:/var/opt/gitlab/gitaly/gitaly.socket GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell Gitaly - default Address: unix:/var/opt/gitlab/gitaly/gitaly.socket - default Version: 18.5.2+1_51_0_23ca0768_nb - default Git Version: 2.50.1 ``` </details> <details> <summary>gitlab-rake gitlab:check SANITIZE=true</summary> ``` Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version >= 14.45.3 ? ... OK (14.45.3) Running /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes (cluster/worker) ... 1/11 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab App ... Database config exists? ... yes Tables are truncated? ... skipped All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Cable config exists? ... yes Resque config exists? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... yes Systemd unit files or init script exist? ... skipped (omnibus-gitlab has neither init script nor systemd units) Systemd unit files or init script up-to-date? ... skipped (omnibus-gitlab has neither init script nor systemd units) Projects have namespace: ... 1/1 ... yes 70/67 ... yes 77/68 ... yes 79/73 ... yes 80/74 ... yes 140/109 ... yes 140/110 ... yes 99/111 ... yes 91/113 ... yes 149/115 ... yes 79/116 ... yes 159/117 ... yes 165/121 ... yes 74/122 ... yes 74/123 ... yes 87/124 ... yes 103/125 ... yes 140/128 ... yes 188/129 ... yes 75/132 ... yes 4333/135 ... yes 3628/138 ... yes 4353/146 ... yes 4309/160 ... yes 3105/162 ... yes 149/163 ... yes 4309/164 ... yes 87/165 ... yes 195/166 ... yes 4382/167 ... yes 3628/168 ... yes 3628/169 ... yes 3628/170 ... yes 4309/171 ... yes 74/172 ... yes 74/173 ... yes 70/174 ... yes 3628/175 ... yes 87/176 ... yes 71/177 ... yes 3628/178 ... yes 204/179 ... yes 71/180 ... yes 3628/181 ... yes 189/182 ... yes 71/184 ... yes 71/185 ... yes 98/186 ... yes 5037/187 ... yes 189/188 ... yes 149/189 ... yes 4309/190 ... yes 3628/191 ... yes 5152/192 ... yes 5198/193 ... yes Redis version >= 6.2.14? ... yes Ruby version >= 3.0.6 ? ... yes (3.2.8) Git user has default SSH configuration? ... yes Active users: ... 55 Is authorized keys file accessible? ... skipped (authorized keys not enabled) GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes Elasticsearch version 7.x-9.x or OpenSearch version 1.x-3.x ... skipped (advanced search is disabled) All migrations must be finished before doing a major upgrade ... skipped (Advanced Search is disabled) Checking GitLab App ... Finished Checking Geo ... GitLab Geo is available ... GitLab Geo is enabled ... yes This machine's Geo node name matches a database record ... yes, found a primary node named "primary_node_testing_hwaas_man" GitLab Geo tracking database is not configured after promotion ... yes HTTP/HTTPS repository cloning is enabled ... yes Machine clock is synchronized ... Exception: Network is unreachable - connect(2) for "pool.ntp.org" port ntp Git user has default SSH configuration? ... yes OpenSSH configured to use AuthorizedKeysCommand ... yes GitLab configured to disable writing to authorized_keys file ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes Checking Geo ... Finished Checking GitLab subtasks ... Finished ``` </details> ## Impact This is a critical issue because: - Code that was not reviewed gets merged into the codebase - The audit trail shows approval for different code than what was actually merged - Pipeline checks may not have run on the final merged code - This violates the principle of reviewed code being what gets merged ## Possible Root Cause The auto-merge process likely doesn't account for concurrent changes to the source branch (like applying suggestions) and may not wait for the new commit's pipeline to complete before merging. ## Related - Code Suggestions feature - Auto-merge functionality - Merge request workflow

issue