
[Frontend] Add 'compliance pipeline configuration location' value to custom compliance frameworks form

Problem to solve

In #231247 (closed) we are pivoting on compliance framework project labels to allow customers to customize them. Currently, these labels are hard-coded and informational only.

Learning from both the initial implementation of labels and a now-related problem validation cycle about group-level compliance pipeline configurations, customers will need a way to associate specific projects with pre-defined compliance CI configuration files (e.g. hipaa-include.gitlab-ci.yml).

Intended users

User experience goal

A group owner can add a compliance pipeline configuration location value to a customized compliance framework project label they create at the group-level.

Proposal

🆕 field 🆕 project readonly field
Text Readonly

[Root] Group Level Settings > General > New/Edit

  • Title
  • Description
  • Settings Enforcement
  • Force Merge
  • + Compliance pipeline configuration location (optional)
  • Background color

Project Level Settings > CI/CD

  • ...
  • Custom CI configuration path
  • + Compliance pipeline configuration location

Note: This value should be inherited by a project, but is not the same as custom CI configuration path. It should be disabled and read-only.

Mockups

[Mockup images: Settings Page, Edit, New]

Feature flag

Reuses the existing flag for compliance frameworks: ff_custom_compliance_frameworks

Disabled by default

Out of scope

  • Using the inputted value for any logical change to the CI pipeline.
  • Enabling the feature for production use.
  • @asubramanian1 is investigating the use of multi-project pipelines for the next step, which is to implement the pipeline itself. This is related to, but not within scope for this issue.

Update: Issue for using the group-level configuration: #281049 (closed)

Further details

This value - Compliance pipeline configuration location, e.g. hipaa-include.gitlab-ci.yml@group/compliance-project - should serve as the reference that $CI_PROJECT_CONFIG_PATH will use to know that all projects with this reference/value should combine the local .gitlab-ci.yml CI configuration with hipaa-include.gitlab-ci.yml@group/compliance-project at runtime.

Implementation plan

Originally conceived in #254389 (closed)

frontend - 2️⃣

If the feature flag :ff_custom_compliance_frameworks is set and the user is on GitLab Ultimate (the form is on GitLab Premium):

  • Add Compliance pipeline configuration location input to the shared compliance frameworks form app created in #287827 (closed)
    • Validate the location using getRawFile() in app/assets/javascripts/api.js:706
    • Use a loading/checking icon on the input while it validates and return a positive or negative response
  • Save the validated input via the GraphQL API endpoint created in #255340 (closed)
  • Update tests

This may need to be split into a separate MR depending on the above's complexity and MR size.

  • Add Compliance pipeline configuration location to the CI/CD view app/views/projects/settings/ci_cd/show.html.haml
    • The value can be retrieved from the compliance framework applied to project e.g. @project.project.compliance_framework_setting.compliance_management_framework
    • This should be a readonly input field and provide further details as to how to change this value
Edited by Robert Hunt
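
The location format from "Further details" and the validation step in the frontend plan can be sketched as follows. This is an added example, not code from the issue or from GitLab: `parseComplianceLocation`, `checkComplianceLocation` and the injected `fetchRawFile(project, file)` callback are hypothetical names, and the path-segment rule and the `.yml`/`.yaml` requirement are assumptions.

```javascript
// Added example. All names here are hypothetical; none are GitLab's own code.
// Assumed format (from the issue's example): <file path>@<group>/<project>
const SEGMENT = /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/; // simplified path-segment rule (assumption)

function parseComplianceLocation(value) {
  const input = String(value ?? '').trim();
  // The field is optional, so an empty value is valid and means "no compliance config".
  if (input === '') return { ok: true, file: null, project: null };

  // Project paths cannot contain '@' under SEGMENT, so split on the last one.
  const at = input.lastIndexOf('@');
  if (at <= 0 || at === input.length - 1) {
    return { ok: false, error: 'expected <file>@<group>/<project>' };
  }
  const file = input.slice(0, at);
  const project = input.slice(at + 1);

  // Reject absolute paths, backslashes and empty, "." or ".." segments so the
  // value can only name a file inside the referenced repository.
  const fileParts = file.split('/');
  if (file.includes('\\') || fileParts.some((p) => p === '' || p === '.' || p === '..')) {
    return { ok: false, error: 'file path must be relative with no traversal' };
  }
  if (!/\.ya?ml$/.test(file)) return { ok: false, error: 'file must be a .yml or .yaml file' };

  const projectParts = project.split('/');
  if (projectParts.length < 2 || !projectParts.every((p) => SEGMENT.test(p))) {
    return { ok: false, error: 'project must be a full path such as group/project' };
  }
  return { ok: true, file, project };
}

// fetchRawFile(project, file) is an injected stand-in for the raw-file lookup the
// plan mentions; it must reject when the file is missing or unreadable.
async function checkComplianceLocation(value, fetchRawFile) {
  const parsed = parseComplianceLocation(value);
  if (!parsed.ok || parsed.file === null) return parsed; // skip lookup for invalid or empty input
  try {
    await fetchRawFile(parsed.project, parsed.file);
    return parsed; // positive response: the file exists in the referenced project
  } catch {
    return { ok: false, error: 'configuration file not found in project' };
  }
}
```

Running the structural check before the lookup means the form only issues a request for values that name a relative YAML file in a fully qualified project.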