Merge branch 'sk/415706-fix-appr-notification' into 'master'

Fix approval notification for MRs without scan result policies See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/124107 Merged-by: Bala Kumar <sbalakumar@gitlab.com> Approved-by: Martin Čavoj <mcavoj@gitlab.com> Approved-by: Bala Kumar <sbalakumar@gitlab.com> Reviewed-by: Bala Kumar <sbalakumar@gitlab.com> Reviewed-by: Martin Čavoj <mcavoj@gitlab.com> Co-authored-by: Sashi Kumar <skumar@gitlab.com>

Merge branch 'sk/415706-fix-appr-notification' into 'master'
d8d0ead7 · Bala Kumar · f08d936c · 221e1b44 · d8d0ead7 · d8d0ead7
--- a/ee/app/services/security/scan_result_policies/update_approvals_service.rb
+++ b/ee/app/services/security/scan_result_policies/update_approvals_service.rb
@@ -13,19 +13,19 @@ def initialize(merge_request:, pipeline:)
      end

      def execute
-        return if scan_removed? && Feature.disabled?(:security_policy_approval_notification, pipeline.project)
+        return if Feature.disabled?(:security_policy_approval_notification, pipeline.project) && scan_removed?

-        violated_rules, unviolated_rules = merge_request.approval_rules.scan_finding.partition do |approval_rule|
+        approval_rules = merge_request.approval_rules.scan_finding
+        return if approval_rules.empty?
+
+        violated_rules, unviolated_rules = approval_rules.partition do |approval_rule|
          approval_rule = approval_rule.source_rule if approval_rule.source_rule

          violates_approval_rule?(approval_rule)
        end

+        ApprovalMergeRequestRule.remove_required_approved(unviolated_rules) if unviolated_rules.any? && !scan_removed?
        generate_policy_bot_comment(violated_rules.any? || scan_removed?)
-
-        return if scan_removed?
-
-        ApprovalMergeRequestRule.remove_required_approved(unviolated_rules) if unviolated_rules.any?
      end

      private

--- a/ee/spec/services/security/scan_result_policies/update_approvals_service_spec.rb
+++ b/ee/spec/services/security/scan_result_policies/update_approvals_service_spec.rb
@@ -106,6 +106,16 @@
      end
    end

+    context 'when approval rules are empty' do
+      let!(:report_approver_rule) { nil }
+
+      it 'does not enqueue Security::GeneratePolicyViolationCommentWorker' do
+        expect(Security::GeneratePolicyViolationCommentWorker).not_to receive(:perform_async)
+
+        service
+      end
+    end
+
    context 'when security scan is removed in current pipeline' do
      let_it_be(:pipeline) { create(:ee_ci_pipeline, project: project, ref: merge_request.source_branch) }