Evaluate group-level compliance pipeline configuration

Release notes

Problem to solve

#254389 (closed) provides an ability to define group-level compliance pipeline configurations.

When this is configured, the group-level compliance pipeline configuration is triggered whenever a commit is pushed to the project.

It's up to the maintainer of the framework YAML to ensure that there is a callback to the relative project .gitlab-ci.yml being built.

An example group-level compliance pipeline configuration is as stated below:

compliance:
  trigger:
    project: gitlab-org/compliance
    file: hipaa/.gitlab-ci.yml

project-pipeline:
  trigger:
    include: $CI_PROJECT_CONFIG_PATH

Intended users

User experience goal

Proposal

  • Add a new source in the list of Pipeline chain config (add it as the first option, since it has the highest precedence)
  • Content for the compliance source type will be obtained from #254389 (closed) (e.g. project.group.compliance_pipeline_configuration)

def content
  return unless project

  # Memoize so the lookup runs only once per instance.
  strong_memoize(:content) do
    # Projects in a personal namespace have no group; skip instead of raising.
    next unless project.group&.compliance_pipeline_configuration

    # Wrap the group's compliance configuration in an `include` entry.
    YAML.dump('include' => [{ 'file' => project.group.compliance_pipeline_configuration }])
  end
end

Feature flag

Name: ff_evaluate_group_level_compliance_pipeline

Disabled by default

Further details

Permissions and Security

Links / references

Edited by Aishwarya Subramanian
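The precedence rule from the proposal, as an added example that is not part of the original issue and is not GitLab's own code: the compliance source is consulted first, and it yields nothing when the feature flag is off or the project has no group, so resolution falls through to the project's own configuration. Group, Project, ComplianceSource, RepositorySource and resolve_config are hypothetical stand-ins, and the shape of the project-level source is an assumption.

```ruby
require 'yaml'

# Constructed stand-ins for the models named in the proposal.
Group   = Struct.new(:compliance_pipeline_configuration)
Project = Struct.new(:group, :ci_config_path)
FLAG    = :ff_evaluate_group_level_compliance_pipeline

# Compliance source: yields content only when the flag is enabled and the
# project's group defines a compliance pipeline configuration.
class ComplianceSource
  def initialize(project, flags)
    @project, @flags = project, flags
  end

  def content
    return unless @project && @flags.fetch(FLAG, false) # disabled by default

    path = @project.group&.compliance_pipeline_configuration
    return if path.nil? || path.empty?

    YAML.dump('include' => [{ 'file' => path }])
  end
end

# Stand-in for the existing project-level source (assumed shape).
class RepositorySource
  def initialize(project, _flags)
    @project = project
  end

  def content
    path = @project&.ci_config_path
    YAML.dump('include' => [{ 'local' => path }]) if path
  end
end

# Highest precedence first, as the proposal requires.
SOURCES = [ComplianceSource, RepositorySource].freeze

# Returns [source class, YAML content] for the first source with content.
def resolve_config(project, flags = {})
  SOURCES.each do |klass|
    content = klass.new(project, flags).content
    return [klass, content] if content
  end
  nil
end
```

Because the compliance source wins whenever it has content, a project maintainer cannot bypass it by editing the project's own .gitlab-ci.yml; the only fall-through paths are the disabled flag and a missing group configuration.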