Package: Display Verified UI element to individual packages
Problem to solve
Organizations that fully utilize the power of GitLab's CI/CD Pipelines to generate images often find a large number of images difficult to sort through. This is a particular problem for users who manage images and need to indicate to colleagues which image is good to use.
Intended users
Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/
Further details
Common situation: A DevOps manager is tasked with confirming the base image to be used by the rest of their organization. It is currently difficult to communicate this information, often ending with the DevOps manager looking up the image themselves and sending the details over to the engineer.
Proposal
As an MVC, I propose we add a "Verified" function to individual packages/images.
This includes the following actions:
- The ability via the API to add and remove a verified flag on a tag/version.
- A moment in the UI that shows that the tag/version is verified.
- The ability to add or remove the verified flag via the UI.
- Settings that set the permission level required to change the verified state (default: Maintainer).
Further Ideas:
- Add the ability for verified images to be updated via the CI (the latest version from the master branch is automatically tagged as verified).
- Add rules so that, for example, images that can't be built and tested, or that have a security warning, trigger a warning if a user attempts to verify them.
Permissions and Security
As we introduce more complex verifications