Skip to content

Handle variables_attributes for policy pipelines

What does this MR do and why?

This change adds support for variables_attributes for policy pipelines. This allows conditional inclusion of the project jobs when development teams decide on runtime that they only want to run compliance jobs (based on a "run variable").

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. Create a project with a default .gitlab-ci.yml
  2. Create an override_project_ci policy:
    policy-job-test:
      stage: test
      script:
        - echo "Policy test"
    
    include:
    - project: $CI_PROJECT_PATH
      ref: $CI_COMMIT_SHA
      file: $CI_CONFIG_PATH
      rules:
        - if: $CF_STANDALONE_MODE == 'true'
          when: never
        - when: always
  3. Run a pipeline with variable CF_STANDALONE_MODE: 'true'
  4. Verify that only policy jobs are present
  5. Run a pipeline without any variables
  6. Verify that both policy and project jobs are present in the pipeline

Related to #462004 (closed)

Merge request reports

Loading