Add structure to support EE feature of COAR

These are the structural changes for supporting the EE feature of moving "code_owner_approval_required" state from existing on a project to being on the protected branches individually, allowing for CODEOWNER validation on push events.
2019-09-05 13:01:36 +00:00 · 2019-09-05 13:01:36 +00:00 · 0e40b41e22
parent 95ef272539
commit 0e40b41e22
7 changed files with 51 additions and 4 deletions
--- a/app/models/merge_request.rb
+++ b/app/models/merge_request.rb
@ -174,6 +174,7 @@ class MergeRequest < ApplicationRecord
  scope :from_project, ->(project) { where(source_project_id: project.id) }
  scope :merged, -> { with_state(:merged) }
  scope :closed_and_merged, -> { with_states(:closed, :merged) }
+  scope :open_and_closed, -> { with_states(:opened, :closed) }
  scope :from_source_branches, ->(branches) { where(source_branch: branches) }
  scope :by_commit_sha, ->(sha) do
    where('EXISTS (?)', MergeRequestDiff.select(1).where('merge_requests.latest_merge_request_diff_id = merge_request_diffs.id').by_commit_sha(sha)).reorder(nil)
@ -187,6 +188,11 @@ class MergeRequest < ApplicationRecord
            target_project: [:route, { namespace: :route }],
            source_project: [:route, { namespace: :route }])
  }
+  scope :by_target_branch_wildcard, ->(wildcard_branch_name) do
+    where("target_branch LIKE ?", ApplicationRecord.sanitize_sql_like(wildcard_branch_name).tr('*', '%'))
+  end
+  scope :by_target_branch, ->(branch_name) { where(target_branch: branch_name) }
+  scope :preload_source_project, -> { preload(:source_project) }

  after_save :keep_around_commit

--- a/app/models/protected_branch.rb
+++ b/app/models/protected_branch.rb
@ -3,6 +3,9 @@
 class ProtectedBranch < ApplicationRecord
  include ProtectedRef

+  scope :requiring_code_owner_approval,
+        -> { where(code_owner_approval_required: true) }
+
  protected_ref_access_levels :merge, :push

  def self.protected_ref_accessible_to?(ref, user, project:, action:, protected_refs: nil)
--- a/app/services/protected_branches/create_service.rb
+++ b/app/services/protected_branches/create_service.rb
@ -5,7 +5,8 @@ module ProtectedBranches
    def execute(skip_authorization: false)
      raise Gitlab::Access::AccessDeniedError unless skip_authorization || authorized?

-      protected_branch.save
+      save_protected_branch
+
      protected_branch
    end

@ -15,6 +16,10 @@ module ProtectedBranches

    private

+    def save_protected_branch
+      protected_branch.save
+    end
+
    def protected_branch
      @protected_branch ||= project.protected_branches.new(params)
    end
--- a/db/migrate/20190729180447_add_merge_requests_require_code_owner_approval_to_protected_branches.rb
+++ b/db/migrate/20190729180447_add_merge_requests_require_code_owner_approval_to_protected_branches.rb
@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+class AddMergeRequestsRequireCodeOwnerApprovalToProtectedBranches < ActiveRecord::Migration[5.2]
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_column_with_default(
+      :protected_branches,
+      :code_owner_approval_required,
+      :boolean,
+      default: false
+    )
+
+    add_concurrent_index(
+      :protected_branches,
+      [:project_id, :code_owner_approval_required],
+      name: "code_owner_approval_required",
+      where: "code_owner_approval_required = #{Gitlab::Database.true_value}")
+  end
+
+  def down
+    remove_concurrent_index(:protected_branches, name: "code_owner_approval_required")
+
+    remove_column(:protected_branches, :code_owner_approval_required)
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -2932,6 +2932,8 @@ ActiveRecord::Schema.define(version: 2019_09_04_173203) do
    t.string "name", null: false
    t.datetime "created_at"
    t.datetime "updated_at"
+    t.boolean "code_owner_approval_required", default: false, null: false
+    t.index ["project_id", "code_owner_approval_required"], name: "code_owner_approval_required", where: "(code_owner_approval_required = true)"
    t.index ["project_id"], name: "index_protected_branches_on_project_id"
  end

--- a/spec/lib/gitlab/checks/diff_check_spec.rb
+++ b/spec/lib/gitlab/checks/diff_check_spec.rb
@ -20,9 +20,8 @@ describe Gitlab::Checks::DiffCheck do
        allow(project).to receive(:lfs_enabled?).and_return(false)
      end

-      it 'skips the validation' do
-        expect(subject).not_to receive(:validate_diff)
-        expect(subject).not_to receive(:validate_file_paths)
+      it 'does not invoke :lfs_file_locks_validation' do
+        expect(subject).not_to receive(:lfs_file_locks_validation)

        subject.validate!
      end
--- a/spec/lib/gitlab/import_export/safe_model_attributes.yml
+++ b/spec/lib/gitlab/import_export/safe_model_attributes.yml
@ -467,6 +467,7 @@ ProtectedBranch:
 - name
 - created_at
 - updated_at
+- code_owner_approval_required
 ProtectedTag:
 - id
 - project_id