Always override project config when `override_project_ci` is applicable
What does this MR do and why?
Previously, when a pipeline execution policy used workflow rules that prevented policy jobs from running, the project’s original CI/CD configuration remained in effect instead of being overridden.
With this change, the project configuration is always overridden. This change is more in line with expectations of users migrating from compliance pipelines.
We've received customer feedback indicating that without this, it would mean a significant effort to rework their configuration.
References
Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Enable feature flag
policies_always_override_project_ci - Create a project
- Create a pipeline execution policy with
override_project_cistrategy and the following config:workflow: rules: - if: $CI_PIPELINE_SOURCE == "push" when: never - when: always include: - project: '$CI_PROJECT_PATH' file: '$CI_CONFIG_PATH' ref: '$CI_COMMIT_SHA' job: script: echo "Via compliance" - Create
.gitlab-ci.ymlin the project:job: script: echo "Via project" job2: script: echo "Via project" - Create MR in the project
- Verify that only MR pipelines were created, no branch pipelines (except the initial one before the MR was created on the branch)
Related to #512123 (closed).