gitlab-org--gitlab-foss/tooling/bin/find_app_sec_approval

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

34 lines
1.1 KiB
Text
Raw Normal View History

#!/usr/bin/env ruby
# frozen_string_literal: true
require 'gitlab'
# This script is used to confirm that AppSec has approved upstream JiHu contributions
#
# It will error if the approval is missing from the MR when it is run.
gitlab_token = ENV.fetch('PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE')
gitlab_endpoint = ENV.fetch('CI_API_V4_URL')
mr_project_path = ENV['CI_MERGE_REQUEST_PROJECT_PATH']
mr_iid = ENV['CI_MERGE_REQUEST_IID']
approval_label = "sec-planning::complete"
warn "WARNING: CI_MERGE_REQUEST_PROJECT_PATH is missing." if mr_project_path.to_s.empty?
warn "WARNING: CI_MERGE_REQUEST_IID is missing." if mr_iid.to_s.empty?
unless mr_project_path && mr_iid
warn "ERROR: Exiting as this does not appear to be a merge request pipeline."
exit
end
Gitlab.configure do |config|
config.endpoint = gitlab_endpoint
config.private_token = gitlab_token
end
if Gitlab.merge_request(mr_project_path, mr_iid).labels.include?(approval_label)
puts 'INFO: No action required.'
else
abort('ERROR: This merge request has not been approved by application security and is required prior to merge.')
end