Beyond Identity: Add an option to allow commits from Gitlab service accounts to be pushed to the repository even if the commits are not signed.
Summary
As part of [MVC] Beyond Identity integration (#431433 - closed), we added an option to validate GPG keys with Beyond Identity. When the Beyond Identity integration is enabled, any new key uploaded to a user’s profile is validated against Beyond Identity. Any key that does not pass validation is rejected and the user is required to upload a new key.
When users push commits to the GitLab instance where the Beyond Identity integration is enabled, a pre-receive check is performed that validates the signed commits against the GPG key stored in the user’s profile. Any commit that is signed with the validated key in the user’s profile will be accepted and pushed to the repository.
However, as part of [Post-MVC] Beyond Identity integration (&13257), there is a need for more granular options to allow skipping the Beyond Identity check in certain scenarios. Only an admin should be able to enable/disable options to skip the Beyond Identity check and this should be done from the Beyond Identity integration page.
Configuration Options
- In the Beyond Identity Integration Page
- Add an option labeled Allow commits from Gitlab service accounts to be pushed to the repository even if the commits are not signed
- This option only applies to Gitlab service accounts. Bot users that are not service accounts are excluded.
- Add an option labeled Allow commits from Gitlab service accounts to be pushed to the repository even if the commits are not signed