Support git refs in Compliance Pipeline Configuration
Proposal
GitLab.com Ultimate customer, raising this following a discussion with @manuelgrabowski in Zendesk ticket 337142, interested in this.
When configuring a Compliance Framework per Configure a Compliance Pipeline it has to follow the form .compliance-ci.yml@gitlab-org/gitlab
We would like to propose this is amended to mirror the functionality offered by Custom CI/CD Configuration File so that it can accept git refs (branches or tags) in the form .compliance-ci.yml@gitlab-org/gitlab:refname
The two use cases we've identified so far that make it desirable are testing of compliance frameworks themselves and offering an "early adopter" view of forthcoming compliance pipeline changes, in a similar fashion to the toggle via next.gitlab.com.
At the moment you have to commit these as separate files, which means lots of unnecessary commits hitting the main branch, some of which can mean main is effectively "broken". Combined with Approval Rules and CODEOWNERS on a Protected Branch it slows the development process somewhat.
Obviously this could be overcome by using separate repos too, but that defeats the purpose of branching and tagging really.
An initial investigation suggests a change would be required at https://gitlab.com/gitlab-org/gitlab/blob/master/ee/app/assets/javascripts/groups/settings/compliance_frameworks/constants.js#L20 to recognise the :refname part, and https://gitlab.com/gitlab-org/gitlab/blob/master/ee/app/assets/javascripts/groups/settings/compliance_frameworks/utils.js#L48 to pass this to the API.getRawFile to enable support on the front-end.
A bit more analysis is required to see if any backend changes would also be required.
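A sketch of parsing and validating the proposed form file@group/project:refname before the ref is handed to an API call, as an added example that is not GitLab's code and not part of the original issue. The function names, the project-path pattern and the .yml/.yaml requirement are assumptions; the ref checks are a subset of the rules enforced by git check-ref-format.

```javascript
// Added example: hypothetical parser, not GitLab's implementation.
// Assumed grammar: <file>@<full/project/path>[:<ref>]
// Assumed project-path pattern: two or more slash-separated components.
const PROJECT_RE = /^[A-Za-z0-9_][A-Za-z0-9_.-]*(\/[A-Za-z0-9_][A-Za-z0-9_.-]*)+$/;

// Subset of the `git check-ref-format` rules for a branch or tag name.
function isValidRefName(ref) {
  if (ref.length === 0 || ref === '@') return false;
  // A leading "-" could be read as an option if the ref ever reaches a git command line.
  if (ref.startsWith('-') || ref.startsWith('/') || ref.endsWith('/')) return false;
  if (ref.endsWith('.') || ref.includes('..') || ref.includes('//')) return false;
  if (ref.includes('@{')) return false;
  // Control characters, space, and characters git forbids in ref names.
  if (/[\x00-\x20\x7f~^:?*[\\]/.test(ref)) return false;
  // No path component may start with "." or end with ".lock".
  return ref.split('/').every((c) => !c.startsWith('.') && !c.endsWith('.lock'));
}

function parseComplianceConfigPath(input) {
  if (typeof input !== 'string') return null;
  const at = input.indexOf('@');
  if (at <= 0) return null; // the file part is required
  const file = input.slice(0, at);
  const rest = input.slice(at + 1);
  // Assumption: the file must be YAML and contain no ".." traversal segment.
  if (!/\.ya?ml$/.test(file) || file.split('/').includes('..')) return null;
  // Neither project paths nor ref names may contain ":", so split on the first one.
  const colon = rest.indexOf(':');
  const project = colon === -1 ? rest : rest.slice(0, colon);
  const ref = colon === -1 ? null : rest.slice(colon + 1);
  if (!PROJECT_RE.test(project)) return null;
  if (ref !== null && !isValidRefName(ref)) return null;
  return { file, project, ref }; // ref === null: no ref given (the current form)
}
```

Rejecting the whole string when the ref fails validation, rather than silently dropping the ref, keeps a mistyped branch or tag from resolving to a different pipeline definition than the one the framework owner intended.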