Add CI/CD Catalog publishing allowlist

Furkan Ayhanrequested to merge
582044-catalog-publish-allowlist-2 into master

What does this MR do and why?

Introduces an application setting that allows administrators of self-managed and GitLab Dedicated instances to restrict which projects can publish components to the CI/CD Catalog.

This feature addresses governance requirements for enterprise customers who want to maintain a curated, trusted catalog by controlling what gets published.

When the allowlist is empty (default), all projects can publish (preserving current behavior). When populated, only projects matching an entry can publish. Invalid regex patterns fall back to exact string matching.

References

Screenshots or screen recordings

Success

  1. Have a Premium+ subscription.

  2. Add projects to the allowlist

Screenshot_2025-12-09_at_10.04.48

  1. Create a component: https://docs.gitlab.com/ci/components/#create-a-component-project

Screenshot_2025-12-09_at_09.15.47

  1. Publish it: https://docs.gitlab.com/ci/components/#publish-a-component-project

Screenshot_2025-12-09_at_09.21.09

Screenshot_2025-12-09_at_09.42.11

  1. See the published component: http://gdk.test:3000/explore/catalog

Screenshot_2025-12-09_at_09.43.16

Failure

Screenshot_2025-12-09_at_10.11.38

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Furkan Ayhan

Merge request reports