Skip to content

Override ci.skip option when Pipeline execution policies are present

Martin Čavoj requested to merge 464562-enforce-pipeline-execution-policies-with-ci-skip-push-options into master

What does this MR do and why?

This change enforces pipeline to run if there are Pipeline execution policies applicable to the project regardless of ci.skip option.

Addresses suggestion from !150156 (comment 1931434533).

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Enable the feature flag echo "Feature.enable(:pipeline_execution_policy_type)" | rails c
  2. Create two new projects. One for testing and one as the security policy project
  3. In the testing project, select Security & Compliance and Policies
  4. Select Edit policy project
  5. Select your security policy project and Save
  6. On you security policy project, create a new file .gitlab/security-policies/policy.yml with content: 
    ---
pipeline_execution_policy:
- name: Test
  description: ''
  enabled: true
  content:
    policy build:
      stage: build
      script:
      - echo "Policy build."
    policy test:
      stage: test
      script:
      - echo "Policy test."
  7. Go to the testing project and create default .gitlab-ci.yml CI configuration.
  8. Update README and commit the change with message [ci-skip] Update README
  9. Verify that pipeline is running and includes the policy jobs.

Related to #464562 (closed)

Edited by Martin Čavoj

Merge request reports