Scan Execution and Scan Result changes cannot be merged when "Pipelines must succeed" is enabled
Summary
Security Policy projects have CI/CD disabled by default. When the namespace-level feature "Pipelines must succeed" is enabled all MRs require a successful pipeline before a change can be merged. This will prevent merging changes to Security Policies as, by default, pipelines are not run on Security Policy Projects.
Steps to reproduce
- Create a group
- In Group Settings enable "Pipelines must succeed" under General → Merge Requests
- Create a new project and, from that project, a new Security Policy Project.
- Attempt to change the Security Policies.
Example Project
What is the current bug behavior?
MRs for Policy changes are blocked unless the feature is disabled
What is the expected correct behavior?
I'm not sure if the correct behavior here is for Security Policy Projects to bypass the pipeline requirement or running a stub pipeline to satisfy the pipeline requirement.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com
Workaround
In the Security Policy Project navigate to Settings → "Visibility, project features, permissions" and enable "CI/CD". Then add a basic .gitlab-ci.yml file to the default branch:
Requirement for Merge Request:
image: alpine:latest
script:
- echo "This pipeline is a success."