Package: Display Verified UI element to individual packages

Problem to solve

Organizations that fully utilize the power of GitLab's CI/CD Pipelines to generate images often find a large number of images difficult to sort through. Specifically, this affects users who manage images and need to indicate to colleagues which image is good to use.

Intended users

  • Delaney (Development Team Lead)
  • Sasha (Software Developer)
  • Devon (DevOps Engineer)

Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/

Further details

Common situation: A DevOps manager is tasked with confirming the base image to be used by the rest of their organization. It is currently difficult to communicate this information, often ending with the DevOps manager looking up the image themselves and sending the details over to the engineer.

Proposal

As an MVC, I propose we add a "Verified" function to individual packages/images.

This includes the following actions:

  1. The ability via the API to add and remove a verified flag to that tag/version.
  2. A moment in the UI that shows that the tag/version is verified.
  3. The ability to add or remove the verified flag via the UI
  4. Settings that set the permission level required to change the verified state (Default to Maintainer)

Further Ideas:

  1. Add the ability for verified images to be updated via the CI (latest version from the master branch is automatically tagged as verified)
  2. Add rules, for example: images that can't be built and tested, or that have a security warning, trigger a warning if a user attempts to verify them

Permissions and Security

As we introduce more complex verifications

Documentation

Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Links / references

Edited Feb 07, 2020 by Iain Camacho