From 1e360e0096d4cf67b5f1d741557df87b068728c6 Mon Sep 17 00:00:00 2001 From: Sashi Kumar Date: Mon, 12 Aug 2024 18:04:03 +0200 Subject: [PATCH 1/2] Disable pipeline must succeed setting for security policy project This change disables the only_allow_merge_if_pipeline_succeeds setting for a project if it is a security policy project. EE: true Changelog: fixed --- ee/app/models/ee/project.rb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ee/app/models/ee/project.rb b/ee/app/models/ee/project.rb index d39a62fb6c2b19..23d070d6607c46 100644 --- a/ee/app/models/ee/project.rb +++ b/ee/app/models/ee/project.rb @@ -507,6 +507,12 @@ def self.cascading_with_parent_namespace(attribute) cascading_with_parent_namespace :only_allow_merge_if_all_discussions_are_resolved cascading_with_parent_namespace :allow_merge_without_pipeline + def only_allow_merge_if_pipeline_succeeds?(inherit_group_setting: false) + false if licensed_feature_available?(:security_orchestration_policies) && security_policy_management_project_linked_configurations.exists? + + super(inherit_group_setting: inherit_group_setting) + end + def mirror_last_update_succeeded? !!import_state&.last_update_succeeded? end -- GitLab From bc6100a5c1e839ab88f8a0fc6d2ad35a9388fe55 Mon Sep 17 00:00:00 2001 From: Sashi Kumar Date: Mon, 19 Aug 2024 22:56:35 +0200 Subject: [PATCH 2/2] Fix spec and refactor override --- ee/app/models/ee/project.rb | 12 ++++++------ ee/spec/models/ee/project_spec.rb | 23 +++++++++++++++++++++++ 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/ee/app/models/ee/project.rb b/ee/app/models/ee/project.rb index 23d070d6607c46..d5712366a6b21c 100644 --- a/ee/app/models/ee/project.rb +++ b/ee/app/models/ee/project.rb @@ -484,6 +484,12 @@ def self.cascading_with_parent_namespace(attribute) end define_method("#{attribute}?") do |inherit_group_setting: false| + if attribute == :only_allow_merge_if_pipeline_succeeds && + licensed_feature_available?(:security_orchestration_policies) && + security_policy_management_project_linked_configurations.exists? + return false + end + return super() unless licensed_feature_available?(:group_level_merge_checks_setting) if inherit_group_setting @@ -507,12 +513,6 @@ def self.cascading_with_parent_namespace(attribute) cascading_with_parent_namespace :only_allow_merge_if_all_discussions_are_resolved cascading_with_parent_namespace :allow_merge_without_pipeline - def only_allow_merge_if_pipeline_succeeds?(inherit_group_setting: false) - false if licensed_feature_available?(:security_orchestration_policies) && security_policy_management_project_linked_configurations.exists? - - super(inherit_group_setting: inherit_group_setting) - end - def mirror_last_update_succeeded? !!import_state&.last_update_succeeded? end diff --git a/ee/spec/models/ee/project_spec.rb b/ee/spec/models/ee/project_spec.rb index 05e9b0c926ee70..7359931f2c7c58 100644 --- a/ee/spec/models/ee/project_spec.rb +++ b/ee/spec/models/ee/project_spec.rb @@ -4263,6 +4263,29 @@ def stub_default_url_options(host) end end + describe '#only_allow_merge_if_pipeline_succeeds?' do + before do + stub_licensed_features(security_orchestration_policies: true) + project.update!(only_allow_merge_if_pipeline_succeeds: true) + end + + context 'when project is not a security policy project' do + it 'returns true' do + expect(project.only_allow_merge_if_pipeline_succeeds?).to be_truthy + end + end + + context 'when project is a security policy project' do + before do + create(:security_orchestration_policy_configuration, security_policy_management_project: project) + end + + it 'returns false' do + expect(project.only_allow_merge_if_pipeline_succeeds?).to be_falsey + end + end + end + describe '#okrs_mvc_feature_flag_enabled?' do let_it_be(:project) { create(:project) } -- GitLab