.pre/.post jobs should be optionally allowed in empty pipelines

Problem to solve

In #198518 (closed) functionality was removed to not allow .pre/.post jobs in empty pipelines. However, there are legitimate use cases for leveraging the hidden .pre/.post stages when no pipeline exists.

For example, as a GitLab Ultimate Customer leveraging Compliance Frameworks, I have certain compliance jobs I want to inject that check things like MR Approvals, Protected Branch Settings etc. and will lock projects down if a compliance violation occurs in order to prevent malicious activity in the repository.

Some of our teams do not leverage GitLab CI/CD and MANY of them do. Thusly I need a common way to apply compliance jobs independent of whether a team has CI/CD pipelines or not, and what their stage structure looks like.

Proposal

Re-introduce the ability to run .pre and/or .post jobs even if other pipeline jobs don't exist. This could potentially be gated by a rule to define that the pre/post job should run regardless of if other jobs/stages exist.

compliance-job:
  stage: .pre
  script:
    - echo "do some compliance stuff"  # placeholder for the real compliance checks
  rules:
    # If the pipeline is empty, this will evaluate to true and we can run this job anyway.
    # By default, CI_EMPTY_PIPELINE can always be "when: never" in order to prevent a breaking behavior.
    - if: "$CI_EMPTY_PIPELINE == 'true' || $CI_EMPTY_PIPELINE == 'false'"
      when: always

Intended users

Any users leveraging .pre/.post jobs. This is specifically more useful for injection of compliance jobs as part of a compliance framework.

Feature Usage Metrics

Does this feature require an audit event?

No