Ability to protect gitlab-ci.yml from changing by developers
.gitlab-ci.yml may contain rules to deploy application to production server and (ususally) runs automaticaly after push. It's not always wanted that any developer could change this.
As long as the
CODEOWNERS file itself is locked down with a code owner and the
Require code owner approval is checked then this is can already be accomplished. Using this feature, different CI templates could even have different owners, allowing for more flexibility.
As such, this issue does not require any code change or new feature. Instead, we should add clear documentation to the CI docs describing how to achieve the purpose here.
This could be expanded on in future iterations. Protecting
included files is an option for a future improvement (you can work around that for now by including files from a protected repo). Generally protecting arbitrary files is also interesting but brings in other UX considerations. For this iteration we are keeping things simple, but if these use cases are valuable to you please open an issue with your ideas.
Some organizations also may not fully trust code owners, and want an additional level of approval. This could also be expanded upon in a future release.