Lock .gitlab-ci.yml so only limited users can edit
Problem to solve
There are certain cases where regular project developers should not have access to .gitlab-ci.yml, for example when compliance controls around the build are implemented from a third party organization and development teams should not modify them.
Compliance and security teams
Create a way for .gitlab-ci.yml permissions to be controlled whereby only limited users are able to modify the file. Modifying pushes would need to be rejected with a clear message.
What does success look like, and how can we measure that?