Merge branch 'YP-1705-nastroit-prava-sliyanij-dlya-proekta-php-api-client' into 'main'

payuru · payuru · commit d1ef1717d799 · 2025-07-21T13:48:11.000+03:00
YP-1705-nastroit-prava-sliyanij-dlya-proekta-php-api-client

See merge request ypmn-public/php-api-client!24
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -0,0 +1,11 @@
+# Main project pipeline
+variables:
+  GIT_STRATEGY: none
+
+stages:
+  - code-approve-reset
+  - mr-approve-check
+
+include:
+  - local: 'ci/code-approve-reset.yml'
+  - local: 'ci/mr-approve-check.yml'
diff --git a/ci/code-approve-reset.yml b/ci/code-approve-reset.yml
@@ -0,0 +1,7 @@
+## Removes all previously applied approvers in MR
+clear_code_approved:
+  stage: code-approve-reset
+  rules:
+    - if: $CI_MERGE_REQUEST_ID
+  script:
+    - 'curl -f -X PUT -H "PRIVATE-TOKEN: $REMOVE_APPROVE_TOKEN" -H "Content-Type: application/json" "http://gtl01.dev.ruo.payudc.net/api/v4/projects/$CI_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/reset_approvals"'
diff --git a/ci/mr-approve-check.yml b/ci/mr-approve-check.yml
@@ -0,0 +1,48 @@
+## Blocks the pipeline if MR is not approved by any
+## of defined gitlab users (ALLOWED_APPROVERS)
+
+mr-approve-check:
+  stage: mr-approve-check
+  needs: ["clear_code_approved"]
+  tags:
+    - mr-check
+  variables:
+    TARGET_BRANCH: main
+  script:
+    - |
+      # Fetch the merge request ID from the environment variable
+      # $merge_request_iid variable is set in gitlab webhook payload
+      if [[ "$CI_PIPELINE_SOURCE" == "trigger" ]]; then
+        MR_ID=${merge_request_iid}
+      else
+        MR_ID=${CI_MERGE_REQUEST_IID}
+      fi
+
+      # Check if MR_ID is set
+      if [ -z "$MR_ID" ]; then
+        echo "This job is not running in a merge request context."
+        exit 0
+      fi
+      
+      # Get the list of approvals for the merge request
+      APPROVALS=$(curl --silent -H "PRIVATE-TOKEN: $REMOVE_APPROVE_TOKEN" -H "Content-Type: application/json" "http://gtl01.dev.ruo.payudc.net/api/v4/projects/$CI_PROJECT_ID/merge_requests/$MR_ID/approvals")
+
+      # Define a list of allowed approvers
+      ALLOWED_APPROVERS=("alexander.viktorchik" "alexey.babak" "roman.zimin")
+
+      # Check if any of the allowed users have approved the merge request
+      APPROVED=false
+      for USER in "${ALLOWED_APPROVERS[@]}"; do
+        if echo "$APPROVALS" | grep -q "$USER"; then
+          APPROVED=true
+          echo "Merge request approved by allowed user: $USER."
+          break
+        fi
+      done
+
+      if [ "$APPROVED" = false ]; then
+        echo "Merge request not approved by any allowed users. Blocking the merge request."
+        exit 1
+      fi
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == $TARGET_BRANCH'
