Highlight jobs coming via Execution Policies or Compliance Pipelines in the Job log
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Proposal
Both Execution Policies and Compliance Pipelines have the ability to "inject" jobs into a pipeline that the "local" user didn't configure in their CI config themselves. As the resulting jobs are not marked/annotated in any way, this frequently leads to confusion. Any job that is being executed in consequence of either mechanism should get a clear visual mark, and ideally a link/reference back to its "source".
Extremely professional mockup created via "Inspect Element":
Linking the pill to a helpful target might be tricky. The "best" place to link to for a Compliance Pipeline would be… the General Settings of the top-level group, where the user then needs to go to the Compliance Framework list and click on the correct Framework to verify if it has a Compliance pipeline configured. They might not even have the correct permissions to view those settings. Maybe alternatively the configured YAML path should also be shown to provide some more context:
This might seem obvious when you already know the feature, but to an unsuspecting end user simply seeing this path and realizing "Oh, that is in my company namespace… this is from us?!" is an improvement over the current situation. They can reach out internally instead of debugging their pipeline or reaching out to GitLab Support. The same is true for any jobs coming from Execution Policies.
Not only is this a recurring source of confusion for users, this is so hard to discover when you don't already know about it that frequently Support Engineers stumble over it as well. When I first came in contact with this problem I was wondering why affected/confused customers don't communicate better internally, but the reality in bigger organizations is just that this is not happening. We already added a note to please communicate to your end users what you enforce in their projects, but I don't think that is enough (and it also shouldn't be necessary).
My mockups (graphic design is my passion…) are mainly to better illustrate the issue, not suggesting that this is the only/best way to handle it. In fact I'm fairly sure that getting that information at the job level after pipeline execution would technically be rather challening. Maybe instead a clear visual indication on the project overview and pipeline editor page that there's a Compliance Pipeline and/or Execution Policy configured for it would be a boring solution.