[SERVER-77450] The mongo-cr-bot bot does not respect branch protection rules Created: 24/May/23  Updated: 17/Nov/23

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement
Priority: Major - P3
Reporter: Chaya Malik
Assignee: [DO NOT ASSIGN] Backlog - DevProd Correctness
Resolution: Unresolved
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
Assigned Teams:
Correctness
Participants:

 Description   

This is something that we noticed about the evergreen merge bot that we fixed, so I wanted to flag it.

If the bot that does the merging of a PR is an admin for the repo, GitHub will let it merge, and show the PR as "mergeable" when the user that is asking if it's mergeable is able to merge it. Since the user (aka mongo-cr-bot) asking is an admin, it'll show it as mergeable because the admin is technically able to override branch protection rules and merge anyway.

That means that if, for example, the repo is set up to require that a specific test passes before merging, the bot will merge it even if that test didn't pass, because it's not checking if it's mergeable for the author of the PR, it's checking if it's mergeable for the admin user that's asking.

We circumvented this by only merging it if the mergeable_state returned here is something other than "blocked".
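
The check described above, as an added example that is not part of the original ticket and is not the Evergreen or mongo-cr-bot code. It assumes the bot has already fetched the pull request object from the GitHub REST API; `merge_decision` and the sample payloads are hypothetical, and holding on `unknown`, `dirty` or a null `mergeable` goes beyond the single `blocked` case the ticket names.

```python
"""Merge gate for a bot account that has admin rights on the repository."""

# States in which this gate refuses to merge. The ticket names only "blocked";
# also holding on "unknown" and "dirty" is an added assumption of this example.
REFUSE_STATES = {"blocked", "unknown", "dirty"}


def merge_decision(pr):
    """Return (ok, reason) for a pull request object as returned by
    GET /repos/{owner}/{repo}/pulls/{number}."""
    mergeable = pr.get("mergeable")
    state = pr.get("mergeable_state")

    # `mergeable` is null while GitHub is still computing it: hold and retry.
    if mergeable is None or state is None:
        return False, "mergeability not computed yet"
    # Per the ticket, the PR is shown as mergeable to an admin caller even
    # when branch protection is unsatisfied, so the state is checked first.
    if state in REFUSE_STATES:
        return False, f"mergeable_state is {state!r}"
    if not mergeable:
        return False, "GitHub reports the PR as not mergeable"
    return True, f"mergeable_state is {state!r}"


# Constructed sample payloads (only the two fields the gate reads).
SAMPLES = {
    "required check failed, asked as admin": {"mergeable": True, "mergeable_state": "blocked"},
    "all requirements met": {"mergeable": True, "mergeable_state": "clean"},
    "not computed yet": {"mergeable": None, "mergeable_state": "unknown"},
    "merge conflict": {"mergeable": False, "mergeable_state": "dirty"},
}

if __name__ == "__main__":
    for name, pr in SAMPLES.items():
        ok, reason = merge_decision(pr)
        print(f"{name:40} -> {'MERGE' if ok else 'HOLD'} ({reason})")
```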



 Comments   
Comment by Matthew Lewandowski [ 24/May/23 ]

Moved to SDP for triaging from PROG. Ownership of this is hazy at best.
