Skip to content

Fix including CI files in pipeline execution policy

Andy Schoenen requested to merge andysoiron/fix-pipeline-execution-policy-external-ci-bug into master

What does this MR do and why?

This fixes a bug that prevented external CI files from being included in a pipeline execution policy when the project was private

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Create a group
  2. Go to Settings -> General
  3. Toggle the Permissions and group features section
  4. Enable Security policy pipeline execution action
  5. Create a new private project in the group
  6. Add a new file ci-file.yaml to the project with the following content: 
        job:
        stage: build
        script:
            - echo "Defined in security policy"
  7. Create another new project in the group
  8. On the Group level left sidebar, select Security & Compliance and Policies
  9. Select New Policy
  10. Select Scan execution policy
  11. Select Add new action and Run CI/CD code
  12. In the dropdown for Run select Linked existing CI file.
  13. Select the ci-file.yaml file you created in the other project before.
  14. Select Configure with a merge request and merge the MR.
  15. Go back to the project and try to start a pipeline via Build -> Pipelines -> Run pipeline
  16. This should fail on the master branch but work on this MR
Edited by Andy Schoenen

Merge request reports