Implement variables_override for scheduled pipeline execution policies

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Add support for the variables_override option to scheduled pipeline execution policies, similar to the implementation for regular pipeline execution policies in !186120 (merged).

The variables_override feature was implemented for pipeline execution policies in !186120 (merged) to provide better control over how YAML variables in policy pipelines can be overridden. This feature allows policy authors to:

Control whether user-defined variables can override policy variables
Define exceptions for specific variables (allowlist/denylist approach)
Provide more predictable enforcement that is customizable

Currently, this functionality is only available for regular pipeline execution policies but not for scheduled pipeline execution policies.

Proposal

Fix #543105 first

Extend the variables_override functionality to scheduled pipeline execution policies to provide the same level of control and flexibility.

Schema

The variables_override option should support the same schema as pipeline execution policies:

pipeline_execution_schedule_policy:
    variables_override:
      allowed: false
      exceptions:
        - CS_IMAGE
        - SAST_EXCLUDED_ANALYZERS

Edited Aug 13, 2025 by 🤖 GitLab Bot 🤖