Skip to content

Draft: Add admin setting to restrict CI/CD Catalog publishing

Furkan Ayhanrequested to merge
epic-14060-POC into master

What does this MR do and why?

This POC introduces an allowlist mechanism that enables administrators to control which projects can publish components to the CI/CD Catalog.

Changes:

  • Add ci_cd_catalog_projects_allowlist application setting to store allowed project paths as an array
  • Create new "Catalog" section in admin CI/CD settings page with a text area for managing the allowlist
  • Implement check_project_access validation in the release service to enforce the allowlist during component publishing

Behavior:

  • When the allowlist is empty (default), all projects can publish
  • When populated, only projects whose full_path matches an entry in the allowlist can publish to the Catalog
  • Projects not in the allowlist receive an error message when attempting to publish

This POC is intentionally incomplete:

  • No tests included
  • No documentation
  • Missing UI changes (e.g., disabling the "Set component project as a CI/CD Catalog project." toggle)

References

Catalog enhancement - allow administrator to re... (&14060)

Screenshots or screen recordings

Screenshot_2025-09-30_at_14.47.08

Screenshot_2025-09-30_at_15.27.36

Screenshot_2025-09-30_at_15.25.46

Screenshot_2025-09-30_at_15.27.29

Screenshot_2025-09-30_at_15.27.46

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports