Protected runner executes jobs on protected branch [Solution 1]
What does this MR do?
This MR is continued from https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13192. To accomplish this feature, we need to implement a mechanism for "Protected runner executes jobs on protected branch. Unprotected runner executes jobs on unprotected branch". However, there is a technical challenge that ci_builds doesn't have data whether the ref is protected or not.
This MR addresses the challenge with Solution 1.
Solution 1. Persists
protected(ref) flag onci_pipelinestable.builds_for_shared_runnerandbuilds_for_specific_runnerread the flag instead of executingprotected_for?one by one.
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13192#note_36332863
Update Aug 21st
We expand ci_biulds instead of ci_pipelines. See https://gitlab.com/gitlab-org/gitlab-ce/issues/33281#note_37674757.
Compared with solution2
-
Pro
-
Fast
-
Scalable
-
Con
-
If user changes the ref protection, do we need to update the corresponded data on ci_pipelines? https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13192#note_36334215
-
Alter column on ci_pipelines
Are there points in the code the reviewer needs to double check?
How should we mark the protected flag on ci_biulds? Do we leverage it by only protected-branch-or-not?
Why was this MR needed?
This is aimed for %10.0
Screenshots (if relevant)
Edit
Show
When there is a only protected runnners and a job was created on a unprotected branch
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated
- API support added
- Tests
- Added for this feature/bug
- All builds are passing
- Review
- [-] Has been reviewed by UX
- [-] Has been reviewed by Frontend
- Has been reviewed by Backend
- [-] Has been reviewed by Database
- Conform by the merge request performance guides
- Conform by the style guides
-
Branch has no merge conflicts with
master(if it does - rebase it please) - Squashed related commits together