Introduce `validate_schema` configuration for artifacts
What does this MR do?
As we will start validating the security report artifacts, we wanted to build a smooth way to transition from not having validation to validating everything. To do so, we are introducing a new(temporary) configuration key for artifacts on gitlab-ci.yml which is false by default to follow the current process. If this new attribute is set as true by the user then the validation process will happen.
The validation process will be forced in the future and we will remove the configuration key.
Related to #326319 (closed), #321918 (closed).
Note: I will introduce the changelog entry and the documentation with #321918 (closed).
Does this MR meet the acceptance criteria?
Conformity
-
📋 Does this MR need a changelog?- [-] I have included a changelog entry.
-
I have not included a changelog entry because the flag will not have any effect until we build the related feature.
- [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides - [-] Database guides
- [-] Separation of EE specific content
Availability and Testing
- [-] Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec - [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team