Add branch filter to scheduled pipeline execution policies
What does this MR do and why?
This allows scheduled pipeline execution policies to run for certain branch names. If `branches` is not provided, the default branch is used.
If branches are provided but the project doesn't have those branches, it won't start a pipeline.
References
Related issue: #504143
How to set up and validate locally
- Create a new group.
- Create a new project on the group.
- Create two new branches on the project: `schedule` and `schedule-2`.
- Add a simple CI config file `policy-ci.yml`:

  ```yaml
  pipeline execution policy job:
    stage: .pipeline-policy-pre
    script:
      - echo "Enforce your policy here"
  ```

- Add a `.gitlab/security-policies/policy.yml` file to the project with content (replace `path/to/project` with the path to your project):

  ```yaml
  ---
  experiments:
    pipeline_execution_schedule_policy:
      enabled: true
  pipeline_execution_policy: []
  approval_policy: []
  pipeline_execution_schedule_policy:
  - name: test
    description: ''
    enabled: true
    pipeline_config_strategy: schedule
    content:
      include:
      - project: path/to/project
        file: policy-ci.yml
    schedules:
    - type: daily
      start_time: '10:00'
      branches:
      - schedule
      - schedule-2
      - schedule-3
      time_window:
        value: 600
        distribution: random
  ```

- Go back to the group page and on the left sidebar, select Security & Compliance and Policies.
- Select Edit policy project and select your project. Then select Save.
- Start the schedule worker manually to trigger the schedule (replace PROJECT_ID with the ID of your project):

  ```ruby
  Security::PipelineExecutionPolicies::RunScheduleWorker.new.perform(PROJECT_ID)
  ```

- Go to Build -> Pipelines in your project and wait for the scheduled pipeline to appear. There should be 2 new pipelines: one for the `schedule` branch and one for `schedule-2`.
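The branch filter described above can be checked offline against the sample policy. The following is an added sketch, not code from this MR or from GitLab: `target_branches` and `planned_pipelines` are hypothetical helpers, and the policy YAML and the project's branch list are constructed sample data.

```ruby
require 'yaml'

# Constructed sample: the policy from the validation steps, trimmed to the
# fields this sketch reads, plus a second policy with no `branches` key.
POLICY_YAML = <<~YAML
  pipeline_execution_schedule_policy:
  - name: test
    enabled: true
    schedules:
    - type: daily
      start_time: '10:00'
      branches:
      - schedule
      - schedule-2
      - schedule-3
  - name: default-only
    enabled: true
    schedules:
    - type: daily
      start_time: '10:00'
YAML

# Hypothetical helper (assumption, not GitLab's code): no `branches` key means
# the default branch; otherwise only listed branches that exist in the project.
# An explicit empty list yields no branches; the MR text does not cover that case.
def target_branches(schedule, existing_branches, default_branch)
  configured = schedule['branches']
  return [default_branch] if configured.nil?

  configured & existing_branches
end

# Hypothetical helper: maps policy name -> branches that would get a pipeline.
def planned_pipelines(policy_yaml, existing_branches, default_branch)
  policies = YAML.safe_load(policy_yaml).fetch('pipeline_execution_schedule_policy', [])
  policies.select { |p| p['enabled'] }.to_h do |policy|
    branches = policy.fetch('schedules', []).flat_map do |schedule|
      target_branches(schedule, existing_branches, default_branch)
    end
    [policy['name'], branches.uniq]
  end
end

if __FILE__ == $PROGRAM_NAME
  existing = %w[main schedule schedule-2] # constructed project state
  planned_pipelines(POLICY_YAML, existing, 'main').each do |name, branches|
    puts "#{name}: #{branches.empty? ? 'no pipeline' : branches.join(', ')}"
  end
end
```

With the constructed branch list, the `test` policy resolves to `schedule` and `schedule-2` only, matching the two pipelines expected in the last validation step, because `schedule-3` does not exist in the project.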
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #504143