Remove custom CI action from processing
requested to merge 472193-clean-up-the-security-policy-pipeline-execution-action-experiment-processing into master
What does this MR do and why?
This is a next step in the cleanup of "custom CI experiment". This MR removes custom CI action from the CI processing. It covers the third point of the implementation plan in #472193 (closed).
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
- Enable the feature flag and the experimental toggle for a group (UI for the toggle has been already removed)
Feature.enable(:compliance_pipeline_in_policies) Group.find(<id>).namespace_settings.update!(toggle_security_policy_custom_ci: true)
- In the group above, create a project
- Go to Secure -> Policies and create a new Scan Execution Policy
- Go to
.yaml mode
and use the following:type: scan_execution_policy name: Secrets trigger with custom CI description: '' enabled: true rules: - type: pipeline branch_type: all actions: - scan: secret_detection - scan: custom ci_configuration: | custom_job: script: - echo "Custom job!"
- Run a pipeline and verify that
secret-detection-0
job is added into the pipeline, whilecustom_job
is not.
Related to #472193 (closed)
Edited by Martin Čavoj