-rw-r--r--.gitlab/merge_request_templates/Security Release.md3
-rw-r--r--danger/changelog/Dangerfile2
-rw-r--r--danger/metadata/Dangerfile2
-rw-r--r--doc/administration/plugins.md2
-rw-r--r--lib/gitlab/danger/helper.rb6
-rw-r--r--spec/lib/gitlab/danger/changelog_spec.rb1
-rw-r--r--spec/lib/gitlab/danger/helper_spec.rb22
7 files changed, 34 insertions, 4 deletions
diff --git a/.gitlab/merge_request_templates/Security Release.md b/.gitlab/merge_request_templates/Security Release.md
index 6556b9c9a72..30eb2afaa4d 100644
--- a/.gitlab/merge_request_templates/Security Release.md
+++ b/.gitlab/merge_request_templates/Security Release.md
@@ -14,7 +14,7 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
- [ ] Link this MR in the `links` section of the related issue on [GitLab Security].
- [ ] Merge request targets `master`, or `X-Y-stable` for backports.
-- [ ] Milestone is set for the version this merge request applies to.
+- [ ] Milestone is set for the version this merge request applies to. A closed milestone can be assigned via [quick actions].
- [ ] Title of this merge request is the same as for all backports.
- [ ] A [CHANGELOG entry](https://docs.gitlab.com/ee/development/changelog.html) is added without a `merge_request` value, with `type` set to `security`
- [ ] Assign to a reviewer and maintainer, per our [Code Review process].
@@ -33,3 +33,4 @@ See [the general developer security release guidelines](https://gitlab.com/gitla
[GitLab Security]: https://gitlab.com/gitlab-org/security/gitlab
[approval guidelines]: https://docs.gitlab.com/ee/development/code_review.html#approval-guidelines
[Code Review process]: https://docs.gitlab.com/ee/development/code_review.html
+[quick actions]: https://docs.gitlab.com/ee/user/project/quick_actions.html#quick-actions-for-issues-merge-requests-and-epics
diff --git a/danger/changelog/Dangerfile b/danger/changelog/Dangerfile
index 62b41d14bee..8c010accd56 100644
--- a/danger/changelog/Dangerfile
+++ b/danger/changelog/Dangerfile
@@ -26,7 +26,7 @@ def check_changelog(path)
fail "`title` should be set, in #{gitlab.html_link(path)}! #{SEE_DOC}" if yaml["title"].nil?
fail "`type` should be set, in #{gitlab.html_link(path)}! #{SEE_DOC}" if yaml["type"].nil?
- if yaml["merge_request"].nil?
+ if yaml["merge_request"].nil? && !helper.security_mr?
message "Consider setting `merge_request` to #{gitlab.mr_json["iid"]} in #{gitlab.html_link(path)}. #{SEE_DOC}"
elsif yaml["merge_request"] != gitlab.mr_json["iid"] && !changelog.ce_port_changelog?(path)
fail "Merge request ID was not set to #{gitlab.mr_json["iid"]}! #{SEE_DOC}"
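Review bot: A security merge request whose changelog entry has no `merge_request` now falls through to the `elsif`, where `nil != gitlab.mr_json["iid"]` is true, so unless `changelog.ce_port_changelog?(path)` holds the check ends in `fail "Merge request ID was not set ..."` rather than being skipped. That conflicts with the Security Release template shown in this same diff, which asks for a CHANGELOG entry without a `merge_request` value. Keeping the outer test as `if yaml["merge_request"].nil?` and guarding only the hint, `message "Consider setting ..." unless helper.security_mr?`, avoids the fall-through. `check_changelog` starts and ends outside this hunk, so this assumes there is no earlier return for security MRs.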
diff --git a/danger/metadata/Dangerfile b/danger/metadata/Dangerfile
index f2d68e64eb6..5edd134cbab 100644
--- a/danger/metadata/Dangerfile
+++ b/danger/metadata/Dangerfile
@@ -32,7 +32,7 @@ end
has_pick_into_stable_label = gitlab.mr_labels.find { |label| label.start_with?('Pick into') }
-if gitlab.branch_for_base != "master" && !has_pick_into_stable_label
+if gitlab.branch_for_base != "master" && !has_pick_into_stable_label && !helper.security_mr?
warn "Most of the time, merge requests should target `master`. Otherwise, please set the relevant `Pick into X.Y` label."
end
diff --git a/doc/administration/plugins.md b/doc/administration/plugins.md
index df75d3a24bc..6e4e445ef8f 100644
--- a/doc/administration/plugins.md
+++ b/doc/administration/plugins.md
@@ -24,7 +24,7 @@ see the [system hooks] documentation.
The plugins must be placed directly into the `plugins` directory, subdirectories
will be ignored. There is an
-[`example` directory inside `plugins`](https://gitlab.com/gitlab-org/gitlab-foss/tree/master/plugins/examples)
+[`example` directory inside `plugins`](https://gitlab.com/gitlab-org/gitlab/tree/master/plugins/examples)
where you can find some basic examples.
Follow the steps below to set up a custom hook:
diff --git a/lib/gitlab/danger/helper.rb b/lib/gitlab/danger/helper.rb
index cd7d617509b..90cef384a1b 100644
--- a/lib/gitlab/danger/helper.rb
+++ b/lib/gitlab/danger/helper.rb
@@ -174,6 +174,12 @@ module Gitlab
labels - current_mr_labels
end
+ def security_mr?
+ return false unless gitlab_helper
+
+ gitlab_helper.mr_json['web_url'].include?('/gitlab-org/security/')
+ end
+
private
def has_database_scoped_labels?(current_mr_labels)
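Review bot: `security_mr?` matches `/gitlab-org/security/` anywhere in `web_url`, so a merge request in any project whose path merely contains that segment (for example under a differently named parent group) is also treated as a security MR, and this predicate now switches off the `merge_request` hint in danger/changelog/Dangerfile and the target-branch warning in danger/metadata/Dangerfile. Anchoring the match to the start of the URL path is stricter, e.g. `gitlab_helper.mr_json['web_url'].to_s.match?(%r{\Ahttps?://[^/]+/gitlab-org/security/})`; the `to_s` also keeps a missing `web_url` from raising `NoMethodError`. The new specs in spec/lib/gitlab/danger/helper_spec.rb cover only the two expected URLs, so a case for a look-alike path and one for an absent `web_url` would pin this behaviour down. The enclosing module and class start and end outside this hunk.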
diff --git a/spec/lib/gitlab/danger/changelog_spec.rb b/spec/lib/gitlab/danger/changelog_spec.rb
index 888094eaf6e..689957993ec 100644
--- a/spec/lib/gitlab/danger/changelog_spec.rb
+++ b/spec/lib/gitlab/danger/changelog_spec.rb
@@ -34,6 +34,7 @@ describe Gitlab::Danger::Changelog do
{ docs: nil, none: nil }
].each do |categories|
let(:changes_by_category) { categories }
+
it "is falsy when categories don't require a changelog" do
is_expected.to be_falsy
end
diff --git a/spec/lib/gitlab/danger/helper_spec.rb b/spec/lib/gitlab/danger/helper_spec.rb
index d7e67444fca..edcd020a10f 100644
--- a/spec/lib/gitlab/danger/helper_spec.rb
+++ b/spec/lib/gitlab/danger/helper_spec.rb
@@ -312,4 +312,26 @@ describe Gitlab::Danger::Helper do
it { is_expected.to match_array(['database', 'database::review pending']) }
end
end
+
+ describe '#security_mr?' do
+ it 'returns false when `gitlab_helper` is unavailable' do
+ expect(helper).to receive(:gitlab_helper).and_return(nil)
+
+ expect(helper).not_to be_security_mr
+ end
+
+ it 'returns false when on a normal merge request' do
+ expect(fake_gitlab).to receive(:mr_json)
+ .and_return('web_url' => 'https://gitlab.com/gitlab-org/gitlab/merge_requests/1')
+
+ expect(helper).not_to be_security_mr
+ end
+
+ it 'returns true when on a security merge request' do
+ expect(fake_gitlab).to receive(:mr_json)
+ .and_return('web_url' => 'https://gitlab.com/gitlab-org/security/gitlab/merge_requests/1')
+
+ expect(helper).to be_security_mr
+ end
+ end
end