Draft: Pipeline execution policy POC using dry run
What does this MR do and why?
This is a Pipeline execution policy PoC that uses dry run to evaluate policy pipelines and merge them into the project pipeline.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Policy jobs are merged to the project pipeline:
CleanShot_2024-04-19_at_17.40.43
If the stages don't exist in the project pipeline, they are created based on policy stages (but not necessarily in the expected order
CleanShot_2024-04-19_at_17.42.19
Error handling - when there's an error in the PEP:
How to set up and validate locally
- Enable the feature flag
echo "Feature.enable(:pipeline_execution_policy_type)" | rails c
- Create two new projects. One for testing and one as the security policy project
- On the testing projects left sidebar, select Security & Compliance and Policies
- Select Edit policy project
- Select your security policy project and Save
- On you security policy project, create a new file
.gitlab/security-policies/policy.yml
with content:--- pipeline_execution_policy: - name: test_pipeline_execution description: hey enabled: true content: policy test job: stage: test script: - echo "Hello World"
- Add a simple
.gitlab-ci.yml
to the project - Start a pipeline. It should contain the
policy test job
defined in the pipeline execution policy.
Related to #441252
Edited by Martin Čavoj