Draft: Handle pipeline execution policy job names
What does this MR do and why?
This change adds suffix for pipeline execution policy jobs to make them distinguishable for the users in the UI.
The suffix is based on the policy index, so all jobs belonging to the same policy will have the same suffix.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Jobs belonging to the same policy have the same suffix. If the job declares needs
, the links between jobs are preserved.
Pipeline execution with jobs that declare needs
:
CleanShot_2024-04-24_at_14.50.33
How to set up and validate locally
- In rails console enable the feature flag
Feature.enable(:pipeline_execution_policy_type)
- Create a group
- Inside the group, create a project
SPP group
- In the project, create a file
.gitlab/security-policies/policy.yml
with the following content:--- pipeline_execution_policy: - name: Group policy description: '' enabled: true pipeline_config_strategy: inject_ci content: build job: stage: build script: - sleep 5 && echo "Group building..." group build job: needs: - "build job" script: - echo "Group policy job" group test job: script: - echo "Hello World from the group policy"
- Go back to the group and open Secure -> Policies. Click "Edit policy project" and select
SPP group
. - In the group, create a new project
SPP project
. - In the project, create a file
.gitlab/security-policies/policy.yml
with the following content:--- pipeline_execution_policy: - name: Project policy description: '' enabled: true pipeline_config_strategy: inject_ci content: build job: stage: build script: - sleep 3 && echo "Policy building..." slow project policy build job: stage: build script: - sleep 15 && echo "Slow build completed." policy test job with needs: stage: test needs: - "build job" script: - echo "Project policy job started after build job" policy test job: stage: test script: - echo "Policy testing..."
- Create another project in the group:
Test
- In the project
Test
, go to Secure -> Policies, edit the policy project and selectSPP project
- In the project
Test
, create.gitlab-ci.yml
:build job: stage: build script: - echo "Compiling the code..." - echo "Compile complete." project test job: stage: test script: - echo "Running unit tests... This will take about 60 seconds." - echo "Code coverage is 90%" deploy job: stage: deploy environment: production script: - echo "Deploying application..." - echo "Application successfully deployed."
- Go to Pipelines and run pipeline
- Verify that jobs from both policies are injected into the pipeline
- Verify that jobs contain suffixes based on the policies they belong to
- Verify that job dependencies are preserved
Related to #455314 (closed)
Edited by Martin Čavoj