Verified commit e257a9ab, authored by Martin Čavoj, committed by GitLab

Remove feature flag `policies_always_override_project_ci`

Remove the feature flag which has been enabled by default since 17.8.

Changelog: other
EE: true
parent 45ab5576
1 merge request: !182001 Remove feature flag `policies_always_override_project_ci`
......@@ -401,7 +401,8 @@ the only jobs that run are the pipeline execution policy jobs.
{{< history >}}
- Updated handling of workflow rules [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175088) in GitLab 17.8 [with a flag](../../../administration/feature_flags.md) named `policies_always_override_project_ci`. Enabled by default.
- Updated handling of workflow rules [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175088) in GitLab 17.8 [with a flag](../../../administration/feature_flags.md) named `policies_always_override_project_ci`. Enabled by default.
- Updated handling of workflow rules [generally available](https://gitlab.com/gitlab-org/gitlab/-/issues/512877) in GitLab 17.10. Feature flag `policies_always_override_project_ci` removed.
{{< /history >}}
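Review bot: The new "generally available" history entry links to issue 512877, which matches neither the `feature_issue_url` (489715) nor the `rollout_issue_url` (509986) in the flag definition deleted by this same commit. Please confirm 512877 is the intended reference, or point the entry at the feature issue so the history trail stays consistent with the 17.8 entry above it.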
......@@ -504,14 +505,9 @@ ProjectVariablesYAML -- "Basis of the resulting pipeline" --> ResultingProjectVa
{{< alert type="note" >}}
When a pipeline execution policy uses workflow rules that prevent policy jobs from running, the
project's original CI/CD configuration remains in effect instead of being overridden. You can
conditionally apply pipeline execution policies to control when the policy impacts the project's
CI/CD configuration. For example, if you set a workflow rule `if: $CI_PIPELINE_SOURCE ==
"merge_request_event"`, the project's CI/CD configuration is only overridden when the pipeline source
is a merge request event. However, if the feature flag `policies_always_override_project_ci` is enabled,
the workflow rules in the pipeline execution policy also override the project's original CI/CD configuration.
As a result, if workflow rules cause the pipeline execution policy to be filtered out, no pipeline is created.
The workflow rules in the pipeline execution policy override the project's original CI/CD configuration.
By defining workflow rules in the policy, you can set rules that are enforced across all linked projects,
like preventing the use of branch pipelines.
{{< /alert >}}
......
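Review bot: The replacement wording in this alert drops the sentence "if workflow rules cause the pipeline execution policy to be filtered out, no pipeline is created" together with the flag caveat, although that outcome is now the only behavior. Suggest keeping that consequence in the new text, directly after "override the project's original CI/CD configuration", so policy authors know that a policy workflow rule that matches nothing blocks the pipeline instead of falling back to the project's own configuration.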
---
name: policies_always_override_project_ci
feature_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/489715
introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/175088
rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/509986
milestone: '17.8'
group: group::security policies
type: beta
default_enabled: true
......@@ -69,11 +69,7 @@ def skip_ci_allowed?
end
def has_overriding_execution_policy_pipelines?
if ::Feature.enabled?(:policies_always_override_project_ci, project)
policies.any?(&:strategy_override_project_ci?)
else
policy_pipelines.any?(&:strategy_override_project_ci?)
end
policies.any?(&:strategy_override_project_ci?)
end
def applying_config_override?
......
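Review bot: `has_overriding_execution_policy_pipelines?` now reads only `policies`, so the `_pipelines` suffix in its name no longer describes what it checks. Suggest renaming it (for example to `has_overriding_execution_policies?`, a hypothetical name) or adding a short comment stating that a policy with the override strategy counts even when none of its pipelines remain after workflow rules are applied, since that is the behavior the documentation hunk now describes.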
......@@ -317,20 +317,6 @@
end
end
end
context 'when feature flag "policies_always_override_project_ci" is disabled' do
before do
stub_feature_flags(policies_always_override_project_ci: false)
end
it { is_expected.to eq(false) }
context 'when overriding policy_pipelines are present' do
let(:policy_pipelines) { build_list(:pipeline_execution_policy_pipeline, 2, :override_project_ci) }
it { is_expected.to eq(true) }
end
end
end
end
end
......
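Review bot: The removed context was the only visible place in this spec that set `let(:policy_pipelines)` with `:override_project_ci`, and the method under test now reads only `policies`. Please check whether the outer setup of this describe block still defines `policy_pipelines`; if it does, it is dead setup for these examples and can be removed in the same change.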
......@@ -477,22 +477,6 @@
expect(execute.payload).not_to be_persisted
expect(execute.payload.errors.full_messages).to contain_exactly 'Missing CI config file'
end
context 'when feature flag "policies_always_override_project_ci" is disabled' do
before do
stub_feature_flags(policies_always_override_project_ci: false)
end
it 'creates the pipeline with project jobs and without policy jobs' do
expect { execute }.to change { Ci::Build.count }.from(0).to(2)
stages = execute.payload.stages
build_stage = stages.find_by(name: 'build')
expect(build_stage.builds.map(&:name)).to contain_exactly('build')
test_stage = stages.find_by(name: 'test')
expect(test_stage.builds.map(&:name)).to contain_exactly('rspec')
end
end
end
end
......