Remove custom CI action from processing (!159607) · Merge requests · GitLab.org / GitLab

Martin Čavoj requested to merge 472193-clean-up-the-security-policy-pipeline-execution-action-experiment-processing into master Jul 16, 2024

What does this MR do and why?

This is a next step in the cleanup of "custom CI experiment". This MR removes custom CI action from the CI processing. It covers the third point of the implementation plan in #472193 (closed).

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Enable the feature flag and the experimental toggle for a group (UI for the toggle has been already removed)

Feature.enable(:compliance_pipeline_in_policies)
Group.find(<id>).namespace_settings.update!(toggle_security_policy_custom_ci: true)

In the group above, create a project
Go to Secure -> Policies and create a new Scan Execution Policy

Go to .yaml mode and use the following:

type: scan_execution_policy
name: Secrets trigger with custom CI
description: ''
enabled: true
rules:
  - type: pipeline
    branch_type: all
actions:
  - scan: secret_detection
  - scan: custom
    ci_configuration: |
      custom_job:
        script:
          - echo "Custom job!"

Run a pipeline and verify that secret-detection-0 job is added into the pipeline, while custom_job is not.

Related to #472193 (closed)

Edited Jul 18, 2024 by Martin Čavoj

Remove custom CI action from processing

What does this MR do and why?

MR acceptance checklist

How to set up and validate locally

Merge request reports