Consistently disable Pipeline Must Succeed setting for security policy projects
What does this MR do and why?
In !162462 (merged) we introduced an override for the Pipeline success for auto-merge project setting for security policy projects. We enforce an effective value of false.
This merge request solves two related problems:
- The override is not reflected in the project settings UI, which still allows users to tick the checkbox for the setting. But changes to the setting don't reflect in the checkbox state on save.
- The API may still respond with a value of `true` instead of the overriding `false`.
How to set up and validate locally
- Enable the feature flag:

  ```shell
  echo "Feature.enable(:security_policy_project_pipeline_must_succeed)" | rails c
  ```

- Create two projects, A and B
- On the project-level of B, navigate to **Settings > Merge requests**, enable **Pipelines must succeed** and **Save changes**
- On the project-level of A, navigate to **Secure > Policies**, click **Edit policy project**, select project B and **Save**
- On the project-level of B, navigate to **Settings > Merge requests** and verify the **Pipelines must succeed** setting is locked with the expected popover message
- Note the project ID of B and verify its `only_allow_merge_if_pipeline_succeeds` property is `false` in API responses:

  ```shell
  curl -sH "PRIVATE-TOKEN: $GITLAB_TOKEN" http://gdk.test:3000/api/v4/projects/$PROJECT_ID | jq '.only_allow_merge_if_pipeline_succeeds'
  false
  ```

- Disable the feature flag and verify the current behaviour is restored:

  ```shell
  echo "Feature.disable(:security_policy_project_pipeline_must_succeed)" | rails c
  ```

MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #534276 (closed)
Edited by Dominic Bauer

