Check hash of the file in `.gitlab-ci.yml` when using `include` keyword

Problem to solve

The include keyword is quite useful to simplify structure of .gitlab-ci.yml file. At the moment, however, I can include only files that are completely in my control. If I see something cool in another repo, I cannot include it, because I cannot be sure the file will not be edited.

An edit can be also malicious, studied to exfiltrate data.

Further details

At the moment I can only include other's people files (including Gitlab's own examples) copying them in a repo / host controlled by me.

I'd like to be able to simply include an external file, without having to worry it will be edited. In a future it could also exist a service with a collection of useful template, a la pastebin

Proposal

Add another keyword, like sha256, where you can specify what's the hash of the file you expect. If such keyword is specified, Gitlab checks the hash of the file it downloads before merging it.

If the two hashes are different, the included file is not download, and the job emits a warning / completely fails.