Design: Notify about the compliance pipeline in the pipeline editor
Problem
With the release of the enforced compliance pipelines, projects that have a "compliance framework" with a specific compliance pipeline, then the compliance jobs will run before the project's at each stage. There's currently no way for someone creating a new pipeline in their project or editing their project pipeline to know that there's some pipeline that will run before the one they create.
Furthermore, if the project pipeline hasn't been included in the compliance pipeline YAML, the project pipeline will not run. See compliance pipelines docs for more information.
Proposal
Those in charge of authoring a pipeline need to be aware of the compliance pipeline when they create or edit their config. They need to understand that the project pipeline will not run if it hasn't been included in the compliance pipeline, and they need to know where to find the compliance pipeline in case they need to reach out to the compliance project maintainers.
As an MVC, we want to add an information alert to the Edit and Visualization tabs of the pipeline editor, and adjust the text in the Merged Yaml tab to notify about the compliance pipeline.
Further details
- See the attached design for specs.
- "Learn more" link should take you to the documentation for compliance pipelines.
- The linked compliance file may be named something other than
.compliance.gitlab.yml
, so that text should be dynamically generated, based on whatever project it is in. The compliance pipeline name can be retrieved with the GraphQL below. There may be other ways too, but this might be helpful when it comes time for implementation.
query {
namespace(fullPath:"sam-s-test-group") {
projects { # Would only need the current project, not all
edges {
node {
name, # This is the project name
complianceFrameworks {
edges {
node {
name, # Name of the compliance framework
pipelineConfigurationFullPath # <-- This is the compliance pipeline file
}
}
}
}
}
}
}
}
🤝 Cross-stage collaboration
-
Responsible, Accountable
grouppipeline authoring @dhershkovitch, @nadia_sotnikova -
Consulted
groupcompliance @stkerr, @aregnery