diff options
Diffstat (limited to 'tooling/bin/find_app_sec_approval')
-rwxr-xr-x | tooling/bin/find_app_sec_approval | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/tooling/bin/find_app_sec_approval b/tooling/bin/find_app_sec_approval new file mode 100755 index 00000000000..ea85617eb43 --- /dev/null +++ b/tooling/bin/find_app_sec_approval @@ -0,0 +1,33 @@ +#!/usr/bin/env ruby +# frozen_string_literal: true + +require 'gitlab' + +# This script is used to confirm that AppSec has approved upstream JiHu contributions +# +# It will error if the approval is missing from the MR when it is run. + +gitlab_token = ENV.fetch('PROJECT_TOKEN_FOR_CI_SCRIPTS_API_USAGE') +gitlab_endpoint = ENV.fetch('CI_API_V4_URL') +mr_project_path = ENV['CI_MERGE_REQUEST_PROJECT_PATH'] +mr_iid = ENV['CI_MERGE_REQUEST_IID'] +approval_label = "sec-planning::complete" + +warn "WARNING: CI_MERGE_REQUEST_PROJECT_PATH is missing." if mr_project_path.to_s.empty? +warn "WARNING: CI_MERGE_REQUEST_IID is missing." if mr_iid.to_s.empty? + +unless mr_project_path && mr_iid + warn "ERROR: Exiting as this does not appear to be a merge request pipeline." + exit +end + +Gitlab.configure do |config| + config.endpoint = gitlab_endpoint + config.private_token = gitlab_token +end + +if Gitlab.merge_request(mr_project_path, mr_iid).labels.include?(approval_label) + puts 'INFO: No action required.' +else + abort('ERROR: This merge request has not been approved by application security and is required prior to merge.') +end |