Mark CI Pipelines of MRs between protected branches as protected
Why this MR ?
- To implement this feature enhancement epic
- We have two related open issues caused by the same root cause that need to be fixed. The value for the `CI_COMMIT_REF_PROTECTED` predefined CI variable and the value for the `ref_protected` claim in the CI JWT ID Token are set as `false` for all Merge Request pipelines
- We want to set it as `true` if both the `source_branch` and `target_branch` of a Merge Request are `protected`.
- Incorrect value for CI_COMMIT_REF_PROTECTED predefined CI variable Issue
- Incorrect value for ref_protected claim in CI JWT ID Token
What does this MR do ?
- We add a new project setting `protect_merge_request_pipelines` that controls this feature. Disabled for existing projects to prevent breaking of existing pipelines and enabled for newly created projects
- If the `protect_merge_request_pipelines` setting is enabled and both source and target branch of a Merge Request are protected, then we mark the Merge Request pipeline as protected
- Additionally, if the MR is from a forked repository, we DO NOT mark the pipeline as protected
- For newly created projects we set this setting to `true` by default
- All changes are behind a derisk Feature Flag
- Feature Flag rollout and cleanup issue
References
- &17186 (closed)
- #363554 (closed)
- #420463 (closed)
- #536349 (closed)
- Previous closed MR that tried to fix this issue
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Jayakrishnan Mallissery
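
The decision described under "What does this MR do ?", as an added Ruby example that is not part of the MR or GitLab's code base. The struct, method and flag names are hypothetical, the sample projects and merge requests are constructed, and rendering both outputs as the strings "true"/"false" is an assumption.

```ruby
# Added illustration, not GitLab's implementation; all names are hypothetical.
MergeRequest = Struct.new(:source_branch, :target_branch, :from_fork, keyword_init: true)

Project = Struct.new(:protected_branches, :protect_merge_request_pipelines,
                     :feature_flag_enabled, keyword_init: true) do
  def branch_protected?(name)
    protected_branches.include?(name)
  end
end

# Protected only when the flag and setting are on, the MR is not from a fork,
# and BOTH the source and the target branch are protected.
def merge_request_pipeline_protected?(project, mr)
  return false unless project.feature_flag_enabled
  return false unless project.protect_merge_request_pipelines
  return false if mr.from_fork # a fork's branch name may match a protected name

  project.branch_protected?(mr.source_branch) &&
    project.branch_protected?(mr.target_branch)
end

# Both consumers named in the MR read the same decision (string form assumed).
def pipeline_ref_outputs(project, mr)
  value = merge_request_pipeline_protected?(project, mr).to_s
  { "CI_COMMIT_REF_PROTECTED" => value, "ref_protected" => value }
end

# Constructed sample data: a newly created project and an existing one.
NEW_PROJECT = Project.new(protected_branches: %w[main release],
                          protect_merge_request_pipelines: true, feature_flag_enabled: true)
OLD_PROJECT = Project.new(protected_branches: %w[main release],
                          protect_merge_request_pipelines: false, feature_flag_enabled: true)

def mr(source, target, fork: false)
  MergeRequest.new(source_branch: source, target_branch: target, from_fork: fork)
end

CASES = {
  "protected -> protected"        => [NEW_PROJECT, mr("release", "main")],
  "unprotected -> protected"      => [NEW_PROJECT, mr("feature-x", "main")],
  "fork main -> main"             => [NEW_PROJECT, mr("main", "main", fork: true)],
  "existing project, setting off" => [OLD_PROJECT, mr("release", "main")]
}.freeze

def evaluate_cases
  CASES.transform_values { |project, request| pipeline_ref_outputs(project, request)["ref_protected"] }
end

puts evaluate_cases if $PROGRAM_NAME == __FILE__
```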