Force project CI when pipeline execution policies exist

Martin Čavoj requested to merge 441252-pipeline-execution-poc-dry-run-2 into master

What does this MR do and why?

This MR extends the Pipeline execution policies and enables the policy jobs to run when there's no project CI configuration.

Policy jobs that are defined in default stages are injected; other stages are silently ignored.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

CleanShot_2024-05-31_at_14.52.16

How to set up and validate locally

  1. Enable the feature flag: echo "Feature.enable(:pipeline_execution_policy_type)" | rails c
  2. Create two new projects. One for testing and one as the security policy project
  3. On the testing project's left sidebar, select Security & Compliance and Policies
  4. Select Edit policy project
  5. Select your security policy project and Save
  6. On your security policy project, create a new file .gitlab/security-policies/policy.yml with content:
    ---
    pipeline_execution_policy:
    - name: Test
      description: ''
      enabled: true
      content:
        policy build:
          stage: build
          script:
          - echo "Policy build."
        policy test:
          stage: test
          script:
          - echo "Policy test."
  7. Go to the project and run a new pipeline. It should run and contain the jobs defined in the pipeline execution policy even though there's no project CI configuration.

Related to #441252 (closed)

Edited by Martin Čavoj
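
Because jobs outside the default stages are dropped without any error when the project has no CI configuration, a policy author can check a policy.yml before committing it. The following is an added example, not code from this merge request or from GitLab: the helper name audit_policy, the reserved-key subset and the sample policy are assumptions constructed for illustration, while the stage list is GitLab CI's default (.pre, build, test, deploy, .post).

```ruby
require 'yaml'

# Stages GitLab CI provides when a pipeline declares no `stages:` of its own.
DEFAULT_STAGES = %w[.pre build test deploy .post].freeze
# Top-level CI keywords that are configuration rather than jobs (a subset).
RESERVED_KEYS = %w[stages variables default include workflow cache].freeze

# Hypothetical helper (not GitLab code): for each enabled policy, split its
# jobs into those in default stages (injected) and the rest (silently ignored).
# Assumption: a disabled policy contributes no jobs, so it is skipped.
def audit_policy(yaml_text)
  doc = YAML.safe_load(yaml_text) || {}
  (doc['pipeline_execution_policy'] || []).select { |p| p['enabled'] }.map do |policy|
    jobs = (policy['content'] || {}).select do |name, body|
      body.is_a?(Hash) && !RESERVED_KEYS.include?(name.to_s) && !name.to_s.start_with?('.')
    end
    # A job with no `stage:` key runs in `test`, GitLab CI's default stage.
    injected, ignored = jobs.partition do |_name, body|
      DEFAULT_STAGES.include?(body.fetch('stage', 'test'))
    end
    { policy: policy['name'], injected: injected.map(&:first), ignored: ignored.map(&:first) }
  end
end

# Constructed sample: the page's build job plus a custom-stage and a stage-less job.
SAMPLE_POLICY = <<~YAML
  ---
  pipeline_execution_policy:
  - name: Test
    description: ''
    enabled: true
    content:
      policy build:
        stage: build
        script:
        - echo "Policy build."
      policy scan:
        stage: compliance
        script:
        - echo "Policy scan."
      policy lint:
        script:
        - echo "Policy lint."
YAML

audit_policy(SAMPLE_POLICY).each do |r|
  puts "#{r[:policy]}: injected=#{r[:injected].inspect}"
  warn "#{r[:policy]}: IGNORED (non-default stage)=#{r[:ignored].inspect}" unless r[:ignored].empty?
end
```

A non-empty ignored list means a policy job that will not run in projects without their own CI configuration, so it is worth failing the policy project's own pipeline on it.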