[Backend] Add 'compliance pipeline configuration location' value to custom compliance framework labels
Release notes
Problem to solve
In #231247 (closed) we are pivoting on compliance framework project labels to allow customers to customize them. Currently, these labels are hard-coded and informational only.
Learning from both the initial implementation of labels and a now-related problem validation cycle about group-level compliance pipeline configurations, customers will need a way to associate specific projects with pre-defined compliance CI configuration files (e.g. hipaa-include.gitlab-ci.yml).
Intended users
User experience goal
A group owner can add a compliance pipeline configuration location value to a customized compliance framework project label they create at the group-level.
Proposal
[Root] Group Level Settings > General > New/Edit
- Title
- Description
- Settings Enforcement
- Force Merge
+ Compliance pipeline configuration location (optional)
- Background color
Project Level Settings > CI/CD
- ...
- Custom CI configuration path
+ Compliance pipeline configuration location
Note: This value should be inherited by a project, but is not the same as custom CI configuration path. It should be disabled and read-only.
Feature flag
Reuses the existing flag for compliance frameworks: ff_custom_compliance_frameworks
Disabled by default
Out of scope
- Using the inputted value for any logical change to the CI pipeline.
- Enabling the feature for production use.
- @asubramanian1 is investigating the use of multi-project pipelines for the next step, which is to implement the pipeline itself. This is related to, but not within scope for this issue.
Update: Issue for using the group-level configuration: #281049 (closed)
Further details
This value - Compliance pipeline configuration location, e.g. hipaa-include.gitlab-ci.yml@group/compliance-project - should serve as the reference that $CI_PROJECT_CONFIG_PATH will use to know that all projects with this reference/value should combine the local .gitlab-ci.yml CI configuration with hipaa-include.gitlab-ci.yml@group/compliance-project at runtime.
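Because every project carrying the label would inherit this value, it is worth validating strictly when it is stored. The following is an added example, not code from this issue or from GitLab: the module and struct names are hypothetical, and the accepted grammar (file path, "@", then a namespace/project path, with a .yml or .yaml file) is an assumption inferred from the sample value above.

```ruby
# Added illustration; names and the accepted grammar are assumptions,
# inferred from "hipaa-include.gitlab-ci.yml@group/compliance-project".
ComplianceConfigLocation = Struct.new(:file, :project_path)

module ComplianceLocationParser
  # One path segment: must start with a word character, so ".", ".." and
  # hidden files can never appear as a segment (assumed rule).
  SEGMENT = /[A-Za-z0-9_][A-Za-z0-9_.-]*/

  # \A and \z anchor the whole string. Ruby's ^ and $ match per line and
  # would let "good@group/project\nanything" pass validation.
  FORMAT = %r{\A(?<file>#{SEGMENT}(?:/#{SEGMENT})*)@(?<project>#{SEGMENT}(?:/#{SEGMENT})+)\z}

  MAX_LENGTH = 255 # assumed column limit

  # Returns a ComplianceConfigLocation, or nil when the value is malformed.
  def self.parse(value)
    return nil unless value.is_a?(String) && value.length <= MAX_LENGTH

    match = FORMAT.match(value)
    return nil unless match

    file = match[:file]
    project = match[:project]
    return nil unless file.end_with?('.yml', '.yaml')
    # Conservative: refuse ".." anywhere, even inside a segment such as "a..b".
    return nil if file.include?('..') || project.include?('..')

    ComplianceConfigLocation.new(file, project)
  end
end

# Constructed sample values, not taken from any real group.
[
  'hipaa-include.gitlab-ci.yml@group/compliance-project',
  'ci/hipaa-include.gitlab-ci.yml@group/subgroup/compliance-project',
  '../../etc/passwd@group/compliance-project',
  "hipaa-include.gitlab-ci.yml@group/compliance-project\ninjected",
  'hipaa-include.gitlab-ci.yml'
].each do |sample|
  result = ComplianceLocationParser.parse(sample)
  puts "#{sample.inspect} => #{result ? 'accepted' : 'rejected'}"
end
```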
Implementation plan
- Add new database attribute on ComplianceManagement::Framework backend
- If the feature flag :ff_custom_compliance_frameworks is set:
  - Modify updateComplianceFramework GraphQL mutation to allow new field to be updated.
  - Modify ComplianceManagement::FrameworkType to expose new field value.