SAST/Secret Detection initialization commits fail silently when no default branch name is configured
### Summary

When creating a new project with "Secret Detection" or "SAST" enabled but without "Initialize repository with a README", no commit is created if no default branch name is configured at the instance, group, or project level.

The service swallows a Gitaly exception silently as Gitaly doesn't like being fed `project.default_branch` as branch name which evaluates to `nil` in this case.

Because GitLab.com has an instance-level default branch configured, this isn't reproducible on production:

```
[ gprd ] production> Gitlab::CurrentSettings.default_branch_name
=> "main"
```

### Steps to reproduce

1. Ensure no default branch name is configured at the instance level (`Gitlab::CurrentSettings.default_branch_name` is `nil`)
2. Create a new group (without a default branch name configured)
3. Create a new project within that group
4. During project creation, enable "Secret Detection" (or "SAST") but disable "Initialize repository with a README"
5. Complete project creation

### Example Project

n/a, requires a specific instance configuration where no default branch name is set.

### What is the current *bug* behavior?

The project is created but the repository remains empty. No `.gitlab-ci.yml` commit is created for Secret Detection configuration. The error occurs silently - Gitaly returns `ArgumentError: empty branch name` but this is not surfaced to the user.

### What is the expected *correct* behavior?

Either:

* The Secret Detection/SAST commit should be created successfully using a sensible fallback branch name (e.g., `"main"`) when no default branch is configured, OR
* A clear error message should be shown to the user indicating that a default branch name must be configured

### Relevant logs and/or screenshots

Breakpoint within `Security::CiConfiguration::SecretDetectionCreateService`:

```ruby
[1] pry> project.repository.empty?
=> true
[2] pry> project.default_branch
=> nil
[3] pry> Gitlab::CurrentSettings.default_branch_name
=> nil
[4] pry> project.repository.add_branch(current_user, branch_name, project.default_branch)
ArgumentError: 3:empty branch name. debug_error_string:{UNKNOWN:Error received from peer {grpc_message:"empty branch name", grpc_status:3}}
```

### Output of checks

This bug happens on self-managed instances where no default branch name is configured.

### Possible fixes

The issue is in `app/services/security/ci_configuration/base_create_service.rb:36`:

```ruby
project.repository.add_branch(current_user, branch_name, project.default_branch)
```
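The two outcomes listed under expected behavior, next to the silent failure, as an added sketch that is not GitLab's code or the project's fix. `FakeRepository`, the settings hash, and the method names are hypothetical stand-ins; the stub only mimics the `empty branch name` rejection seen in the pry session.

```ruby
# Added illustration; all names here are hypothetical, not GitLab classes.
FALLBACK_BRANCH = 'main' # fallback named in the expected-behavior section

# Constructed stub: rejects an empty start branch as in the pry session above.
class FakeRepository
  attr_reader :branches

  def initialize
    @branches = []
  end

  def add_branch(name, start_branch)
    raise ArgumentError, 'empty branch name' if start_branch.nil? || start_branch.strip.empty?

    @branches << name
    name
  end
end

# First non-blank name from project, group, then instance settings, else nil.
def configured_default_branch(settings)
  %i[project group instance].map { |level| settings[level] }
                            .find { |name| name && !name.strip.empty? }
end

# Behavior described in the report: the exception is swallowed and nothing is created.
def create_config_branch_silently(repo, settings, branch_name)
  repo.add_branch(branch_name, configured_default_branch(settings))
  { status: :success }
rescue ArgumentError
  nil # no error reaches the caller, and the repository stays empty
end

# Hardened form: fall back to "main", or return an explicit error to surface.
def create_config_branch(repo, settings, branch_name, allow_fallback: true)
  start = configured_default_branch(settings)
  start ||= FALLBACK_BRANCH if allow_fallback
  return { status: :error, message: 'No default branch name is configured' } if start.nil?

  repo.add_branch(branch_name, start)
  { status: :success, start_branch: start }
rescue ArgumentError => e
  { status: :error, message: e.message }
end
```

In the silent variant the project ends up without the scanning configuration the user selected and nothing reports it, so checking for the `.gitlab-ci.yml` commit after project creation is the way to catch affected projects.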