## Problem Applying a compliance framework label to projects with a missing `.gitlab-ci.yml` file will cause compliance pipelines to fail: > [A customer] found that if the compliance pipeline is set to a project that does not have a .gitlab-ci.yml, it fails with a `file `.gitlab-ci.yml` does not exist!“` They have many projects that don’t have `.gitlab-ci.yml` but should undergo our SAST scanners for compliance. Is there a way to make that include dependent on whether a .gitlab-ci.yml exists? ## Examples [Failed pipeline - missing file](https://gitlab.com/sam-s-test-group/expressexample/-/pipelines/310657974), delete the `.gitlab-ci.yml` file.  ## Investigation In [compliance-pipeline.gitlab-ci.yml](https://gitlab.com/sam-s-test-group/compliance-project/-/blob/master/compliance-pipeline.gitlab-ci.yml) there is an `include:` to look for this file, which may be causing the error when it's missing. ```yml include: - template: Security/SAST.gitlab-ci.yml - project: '$CI_PROJECT_PATH' file: '$CI_CONFIG_PATH' ``` ## Implementation Plan/Investigation * [ ] GitLab CI cannot create pipelines when `.gitlab-ci.yml` does not exist in a project, **even if the project is subject to compliance framework forced includes.** This is expected! * [ ] However, in the case of projects that are subject to compliance framework `include:` blocks, we could **temporarily create an empty .gitlab-ci.yml file** which is then merged with the compliance configuration. * This would silence the error saying that the CI config file doesn't exist and perform the compliance check too. * [ ] Update [documentation example](https://docs.gitlab.com/ee/user/project/settings/#compliance-pipeline-configuration) to leverage the approach to handle missing gitlab-ci.yml files. * We expect users to copy & paste that section frequently, so updating the example helps save users some steps. ## References [Slack discussion](https://gitlab.slack.com/archives/CN7C8029H/p1622119242098600) cc: @stkerr