Pipeline creation must be a separated right on protected branches

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

Intended users

This feature is intended to be used in multiple team triggers pipelines. In my case i want developers upstream project to trigger a pipeline build on a SRE repository without having right to push/merge on master.

Further details

Currently user must have right to push or merge to make a trigger downstream pipeline to be launched.

Having a right to launch pipeline permits external users to the repository to launch deployments without having right to modify the deployment code. It's useful in a dev/sre environment where dev(ops) is focusing on creating a package and SRE are focusing on deployment across projects.

This right can be useful also on modular applications with many developers permitting library owners to trigger rebuild on downstream artifacts to ensure their lib works with the downstream projects of other teams.

⚠️ Currently the trigger is stuck in pending state when user doesn't have permission instead of failing due to permissions, feedback from UI is not good

Proposal

I propose to add a new right "Pipeline" to launch pipeline in the protected branch view. This will permit to delegate end users pipeline launch without modifying code.

Permissions and Security

Only owner can change permissions.

Documentation

Testing

What does success look like, and how can we measure that?

Links / references