Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / Compliance Group - Meetings / 4 Aug 2020
GitLab / Compliance Group - Meetings / 4 Aug 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Merge Request Override Pivot

Description

Relevant Issue: https://gitlab.com/groups/gitlab-org/-/epics/3839#note_389956039

A

Okay, for sake of syncing up, I tried to take what you are proposing matt and let's get a quick prototype to show how the workflow you've outlined here might appear in the ui and it might be different than what you're actually expecting just ever so slightly so jumping over to my protape.

A

So I'm austin, I am trying to submit a merge request and what's occurring is I need to submit essentially an emergency one, because we have some bug in production that absolutely has to be fixed. We don't have time to go through all the normal approval checks. We just want to use our special authority to get that pushed through.

A

So the way I was envisioning that playing out is I'd have an option within the approver section, to request an override.

A

And so this button would then kick off a notification to a special group of users that have this ability to override these types of requests, and so, if I click this, this container potentially might change, ideally maybe you're, showing the eligible approvers that are associated with override approvals now, as opposed to the eligible approvers based off of the merge request, approval rules that had already been established.

A

So that's player one. So, let's enter player two into the game, so player two, let's say it's. Sarah she's somehow gonna be notified of this somehow in the system. Maybe it's an alert, maybe it's a assignment and a merge request, perhaps, um but regardless she goes and looks at the merge requests, and so I think this is where maybe it differentiates from actually using the compliance dashboard.

A

It would re-enforce the approval workflow staying within the merge request, and so here instead of having the normal approval, workflow, the essentially have two button options to either approve or reject, and the approval would approve that override and allow the merge request to move forward without any sort of hindrance from the settings that might have been established.

A

For approval rules or protected settings or pipeline status and whatnot, so if the user would reject it, then it would go back to its original state or if it's approved, introduce a little bit of friction just in case a user doesn't know what exactly they're about to get into. I think there needs to be some awareness like hey.

A

You have this permission, make sure you know like this, isn't just a general approval that you normally would do take a second to know that you're going to override all the settings so that you can push this change to production, and so, if I was okay with that, if sarah was okay with that she hit approve and then it would move forward like normal, but maybe instead of saying approved by person, it would be override, was approved by the person with that special access- and I I know this isn't a great example because it has conflicts.

A

But ideally you can push the merge request through, but that was kind of how I was envisioning. What you were proposing back here in your outline. I think I addressed all of your different use cases. I just think the one significant difference is, nothing would appear in the compliance dashboard. I'm interested to hear what you think about.

A

That.