1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
#!/usr/bin/env ruby
# frozen_string_literal: true
# We need to take some precautions when using the `gitlab` gem in this project.
#
# See https://docs.gitlab.com/ee/development/pipelines/internals.html#using-the-gitlab-ruby-gem-in-the-canonical-project.
require 'gitlab'
# This script is used to confirm that AppSec has approved upstream JiHu contributions
#
# It will error if the approval is missing from the MR when it is run.
gitlab_token = ENV.fetch('PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE')
gitlab_endpoint = ENV.fetch('CI_API_V4_URL')
mr_project_path = ENV['CI_MERGE_REQUEST_PROJECT_PATH']
mr_iid = ENV['CI_MERGE_REQUEST_IID']
approval_label = "sec-planning::complete"
warn "WARNING: CI_MERGE_REQUEST_PROJECT_PATH is missing." if mr_project_path.to_s.empty?
warn "WARNING: CI_MERGE_REQUEST_IID is missing." if mr_iid.to_s.empty?
unless mr_project_path && mr_iid
warn "ERROR: Exiting as this does not appear to be a merge request pipeline."
exit
end
Gitlab.configure do |config|
config.endpoint = gitlab_endpoint
config.private_token = gitlab_token
end
if Gitlab.merge_request(mr_project_path, mr_iid).labels.include?(approval_label)
puts 'INFO: No action required.'
else
abort('ERROR: This merge request has not been approved by application security and is required prior to merge.')
end
|
