Lock .gitlab-ci.yml so only limited users can edit

Problem to solve

There are certain cases where regular project developers should not have access to .gitlab-ci.yml, for example when compliance controls around the build are implemented from a third party organization and development teams should not modify them.

Target audience

Compliance and security teams

Further details

TBD

Proposal

Create a way for .gitlab-ci.yml permissions to be controlled whereby only limited users are able to modify the file. Modifying pushes would need to be rejected with a clear message.

What does success look like, and how can we measure that?

TBD

Links / references

Customer Interested

• https://gitlab.my.salesforce.com/001610000111p4B