►
Description
Demo for https://gitlab.com/gitlab-org/quality/triage-ops/-/merge_requests/2310 - part 2
When the bot approves a merge request that is not from security:master into canonical:master, the triage-ops immediately revert the approval and prevent the merge.
A
Now,
I'm
going
to
show
the
reverse
implementation,
which
is
how
this
can
prevent
abuses
where
someone
can
approve
a
malicious
user,
can
approve
a
merge
request.
That
is
not
intended
to
be
approval
using
the
both
credentials,
so
here
I'm
logged
in
as
the
bot
so
I'm
going
to
the
list
of
the
merge
requests
and
I'm
going
to
find
this
merge
request
that
I
want
to
approve.
A
So
this
is
just
regular,
merge,
requests
and
I'm
going
to
approve
as
the
bot
as
we
as
we
have
seen
for
a
split
second,
it
was
the
bot
approval
here
and
we
can
see
on
the
activity
that
triage
board
approved
the
merge
request
and
then
immediately
unapproved,
and
we
also
left
this
discussion
so
only
merge
requests
that
are
coming
from
security,
Master
branch
and
targeting
canonical
muscle
Branch
are
are
left
approved.
Everything
else
get
is
approval,
removed.