Pipeline Trigger API and UI with user permissions
We have Build Triggers API that hasn't been upgraded since: https://docs.gitlab.com/ee/user/project/new_ci_build_permissions_model.html.
FE: @kushalpandya
The new CI permission model allows us to fetch sources/images from all dependent projects. Build triggers, because they are user-less, use the old method of "permissions", which only allows fetching from the directly related project.
Idea
- Change Build Triggers to Pipeline Triggers,
- Add
/pipelines/trigger
endpoint to fulfill the 1., - Deprecate
/builds/trigger
, - Extend Pipeline Triggers to store User ID of user that did create a trigger,
- Allow editing of user which permissions are used for running a pipeline,
- Allow editing of the description (we add description to make triggers named, and to know which trigger can be removed).
What is needed
- A new
/pipelines/trigger
endpoint (For 8.17), - A new column for
ci_triggers
:user_id
(For 8.17), - A new column for
ci_triggers
:description
(For 8.17), - An ability to edit existing triggers (For 8.17),
- With 9.0 remove code that is responsible for supporting deprecated user-less method of CI authentication.
Edge cases
- If user will be removed we will nullify the
ci_triggers.user_id
making it to behave as previously or with 9.0 to generate a permission denied, - If user will get blocked or removed from group it will automatically loose permissions to run CI pipelines with this trigger.