Force project CI when pipeline execution policies exist
What does this MR do and why?
This MR extends the Pipeline execution policies and enables the policy jobs to run when there's no project CI configuration.
Policy jobs that are defined in default stages are injected, other stages are silently ignored.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
CleanShot_2024-05-31_at_14.52.16
How to set up and validate locally
- Enable the feature flag
echo "Feature.enable(:pipeline_execution_policy_type)" | rails c
- Create two new projects. One for testing and one as the security policy project
- On the testing projects left sidebar, select Security & Compliance and Policies
- Select Edit policy project
- Select your security policy project and Save
- On you security policy project, create a new file
.gitlab/security-policies/policy.yml
with content:--- pipeline_execution_policy: - name: Test description: '' enabled: true content: policy build: stage: build script: - echo "Policy build." policy test: stage: test script: - echo "Policy test."
- Go to the project and run a new pipeline. It should run and contain the jobs defined in the pipeline execution policy even though there's no project CI configuration.
Related to #441252 (closed)
Edited by Martin Čavoj