Allow pipeline execution policies to enforce centralized workflow rules for `override_ci` mode
Release notes
Pipeline execution policies' `override_ci` mode now supports the use of workflow rules to aid in policy enforcement for jobs defined in the policy as well as jobs defined in the project's configuration when `include:project` is leveraged. By defining workflow rules in the policy, you can filter out policies based on particular rules or set rules to be enforced across all projects, such as preventing the use of branch pipelines.
Previously, workflow rules could only be applied to jobs defined in the pipeline execution policy in `override_ci` mode.
The behavior in `inject_ci` mode remains unchanged, and workflow rules can only be used to affect when policy jobs are enforced, without affecting the project's workflow rules.
Problem to solve
Based on feedback in #489715, pipeline execution policies do not currently allow for defining centralized workflow rules which can be leveraged to:
- Define when a pipeline execution policy shall run based on the workflow rules
- Enforce rules such as preventing use of branch pipelines
This is especially challenging for users migrating from compliance pipelines who have leveraged this behavior.
Intended users
User experience goal
Proposal
Modify the behavior of `override_ci` to match expectations, such that workflow rules are considered when the pipeline execution YAML is merged with the project YAML.
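A policy CI file that relies on the proposed behavior could look like the following. This is an added example, not configuration from this issue or from GitLab's own policies; it assumes the policy runs in `override_ci` mode and that each project has a CI file at `$CI_CONFIG_PATH`, and the job name `policy-compliance-check` and its script are hypothetical.

```yaml
# Policy CI configuration (added example; assumes the policy uses override_ci mode).

# Centralized workflow rules. With the proposed behavior these are evaluated for
# the merged pipeline, so they cover both the policy job and the project jobs
# pulled in by the include below.
workflow:
  rules:
    # Never create a pipeline for a plain push to a branch.
    # Tag pushes are unaffected because CI_COMMIT_BRANCH is unset for tags.
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH
      when: never
    # Everything else (merge request, schedule, web, API, tag) may run.
    - when: always

# Include the project's own CI configuration so its jobs still run,
# now subject to the workflow rules above.
include:
  - project: $CI_PROJECT_PATH
    ref: $CI_COMMIT_SHA
    file: $CI_CONFIG_PATH

# Hypothetical job enforced by the policy. It uses the reserved policy stage
# so it does not depend on the stages the project defines.
policy-compliance-check:
  stage: .pipeline-policy-pre
  script:
    - echo "Running centrally enforced check"
```

To check the result, push a commit to a branch with no open merge request and confirm that no pipeline is created, then open a merge request and confirm that both the policy job and the project's jobs appear in the merge request pipeline.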
Further details
Permissions and Security
Documentation
Availability & Testing
Available Tier
Feature Usage Metrics
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
What is the competitive advantage or differentiation for this feature?
Links / references
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.