PoC: Run fork MR/PR pipeliens in parent project
What does this MR do?
Fork users can create pipelines in a parent project, if it fulfills all of the following conditions:
- The option "Allow fork merge request (or pull request) to run pipelines in the parent project" is enabled in the parent project. This option is off by default.
- MR/PR has already been created in the parent project. If it doesn't exist, pipelines are not created even if user pushed a branch in a fork repo. i.e. branch pipelines are not supported.
- The parent/fork projects are public. Private repos are not supported for now.
Process flow overview
Internal Merge requests https://gitlab.com/gitlab-org/gitlab-ee/issues/11934
- The parent project enables "Allow fork merge request (or pull request) to run pipelines in parent project" option.
- An external user creates/updates a merge request from a forked repo.
-
MergeRequests::Create/UpdateService
runs, which triggersMergeRequests::CreatePipelineService
- The pipeline is created on parent project. This pipeline runs on
refs/head
orrefs/merge
in parent project. - Runners in the parent project execute the jobs.
External Pull requests https://gitlab.com/gitlab-org/gitlab-ce/issues/65139
- User created CI/CD only project from the parent project in GitHub
- The parent project enables "Allow fork merge request (or pull request) to run pipelines in parent project" option.
- An external user creates/updates a pull request from a forked repo.
-
created
/synchronize
events are notified via PullRequestWebhook to GitLab.ProcessGithubPullRequestEventService
is executed andSyncGitHubRefWorker
runs. -
ExternalPullRequests::FetchRefService
fetches PR specific refsrefs/head
(or mirroring) from the parent projects. -
ExternalPullRequests::CreatePipelineService
creates a pipeline on the fetched ref. - Runners in the parent project execute the jobs.
TODO:
-
Fork MR can create pipelines in parent -
Fork PR can create pipelines in parent
This MR is functional at this moment.
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation created/updated or follow-up review issue created -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Performance and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Edited by Shinya Maeda