Assign default security policy stage
What does this MR do and why?
This MR:
- Assigns security policy CI jobs to the `.pipeline-policy-test` stage by default if no other stage is defined for the job.
- Removes the ability to use the `stages` keyword from the security policy config because they cannot be merged with the project config.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Create a group.
- Go to Settings -> General.
- Toggle the Permissions and group features section.
- Enable Security policy pipeline execution action.
- Create a project.
- On the left sidebar, select Secure and then Policies.
- Select New Policy.
- Select Scan execution policy.
- Switch to .yaml mode and enter the following policy:

```yaml
type: scan_execution_policy
name: test
description: ''
enabled: true
rules:
  - type: pipeline
    branch_type: all
actions:
  - scan: custom
    ci_configuration: |-
      stages: # This will be ignored
        - custom_stage # This as well
      test job:
        script:
          - echo 'Hello World'
```

- Select Configure with a merge request.
- Merge the MR.
- Go back to the project and start a new pipeline.
- The pipeline should not have a `custom_stage` stage and `test job` should be in the `.pipeline-policy-test` stage.
- Adding `stage: xyz` if there's a stage `xyz` present in the pipeline will add the `test job` to that stage.
Related to #440141 (closed)
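
The behaviour described above, modelled as an added example for reviewing policy configs before they are merged. It is not GitLab's implementation or code from this MR. The function name `normalize_policy_ci`, the `job?` heuristic and the `project_stages` argument are assumptions made for illustration.

```ruby
require 'yaml'

# Stage name taken from the MR description.
DEFAULT_POLICY_STAGE = '.pipeline-policy-test'

# Simplification for this sketch (assumption): a top-level entry is a job
# if it is a mapping with a `script` key.
def job?(value)
  value.is_a?(Hash) && value.key?('script')
end

# Hypothetical helper: returns [normalized_config, notes] for the
# ci_configuration string of a policy.
def normalize_policy_ci(ci_yaml, project_stages)
  config = YAML.safe_load(ci_yaml) || {}
  notes = []
  # The policy's own `stages` list is dropped, as the MR describes.
  notes << 'stages keyword ignored' if config.delete('stages')
  config.each do |name, job|
    next unless job?(job)
    if job['stage'].nil?
      # No stage defined: the job lands in the default policy stage.
      job['stage'] = DEFAULT_POLICY_STAGE
      notes << "#{name}: defaulted to #{DEFAULT_POLICY_STAGE}"
    elsif !project_stages.include?(job['stage'])
      # The MR description only covers stages present in the pipeline,
      # so this case is flagged for review rather than resolved here.
      notes << "#{name}: stage #{job['stage']} not in project pipeline"
    end
  end
  [config, notes]
end

# Constructed sample: the ci_configuration from the validation steps.
SAMPLE = <<~CI
  stages: # This will be ignored
    - custom_stage # This as well
  test job:
    script:
      - echo 'Hello World'
CI

if __FILE__ == $PROGRAM_NAME
  config, notes = normalize_policy_ci(SAMPLE, %w[build test deploy])
  puts config.to_yaml
  puts notes
end
```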