Tutorial: Advanced use case for GitLab Pipeline Execution Policies

Advanced Tutorial: GitLab Pipeline Execution Policies
Introduction
This tutorial explains how to use pipeline execution policies to create guardrails around the stages and jobs that a developer can use in a pipeline definition. Any stage or job that a developer adds to a pipeline and that does not adhere to the corporate standard causes the pipeline to fail.
Shell Script
- The provided shell script first performs sanity checks, confirming that a pipeline ID, project ID, and group access token exist.
- It then checks that the pipeline's stages and jobs are on the approved list.
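An allow-list check of the kind described above, as an added example rather than the tutorial's own script. The variable names `APPROVED_STAGES`, `APPROVED_JOBS` and `GROUP_ACCESS_TOKEN`, the function names, and the use of `curl` and `jq` against the pipeline jobs API are assumptions; the sample data is constructed.

```shell
# Added example, not the tutorial's script. APPROVED_STAGES, APPROVED_JOBS and
# GROUP_ACCESS_TOKEN are assumed names; CI_* are GitLab predefined variables.

# require NAME VALUE: sanity check that an input the script depends on is set.
require() {
  [ -n "$2" ] || { echo "missing required variable: $1" >&2; return 1; }
}

# fetch_jobs: print "stage<TAB>job" per pipeline job (assumes curl and jq on
# the runner image; per_page=100 is the API maximum, larger pipelines paginate).
fetch_jobs() {
  require CI_PROJECT_ID "${CI_PROJECT_ID:-}" &&
    require CI_PIPELINE_ID "${CI_PIPELINE_ID:-}" &&
    require GROUP_ACCESS_TOKEN "${GROUP_ACCESS_TOKEN:-}" || return 1
  body=$(curl --fail --silent --show-error \
    --header "PRIVATE-TOKEN: ${GROUP_ACCESS_TOKEN}" \
    "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/pipelines/${CI_PIPELINE_ID}/jobs?per_page=100") || return 1
  printf '%s\n' "$body" | jq -r '.[] | [.stage, .name] | @tsv'
}

# in_list VALUE LIST: exact whole-line match against a newline-separated list,
# so "test" does not approve "test-bypass" and patterns are never interpreted.
in_list() {
  [ -n "$1" ] && printf '%s\n' "$2" | grep -Fxq -- "$1"
}

# check_pipeline: read "stage<TAB>job" lines on stdin, report every entry off
# the approved lists, and fail closed when no jobs were read at all.
check_pipeline() {
  seen=0 bad=0 tab=$(printf '\t')
  while IFS="$tab" read -r stage job; do
    [ -n "$stage" ] || continue
    seen=$((seen + 1))
    if ! in_list "$stage" "$APPROVED_STAGES"; then
      echo "unapproved stage: $stage (job: $job)"; bad=$((bad + 1))
    elif ! in_list "$job" "$APPROVED_JOBS"; then
      echo "unapproved job: $job (stage: $stage)"; bad=$((bad + 1))
    fi
  done
  [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample data: approved lists and one pipeline's stage/job pairs.
APPROVED_STAGES=${APPROVED_STAGES:-"build
test
deploy"}
APPROVED_JOBS=${APPROVED_JOBS:-"compile
unit-tests"}
sample_jobs() { printf 'build\tcompile\ntest\tunit-tests\ntest-bypass\tcompile\ntest\tdebug shell\n'; }
```

In the policy job the call would be `fetch_jobs | check_pipeline`; a failed API call yields no lines, so the check fails closed and the pipeline stops. The approved lists also need to cover the policy's own job and its reserved stage, since they appear in the pipeline's job list as well.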
Pipeline Execution Policies YAML Snippet
- The YAML snippet sets the variables that the shell script uses.
- A new job is added to a reserved stage for pipeline execution policies.
Setting up Pipeline Execution Policies
- Navigate to your GitLab project.
- Go to CI/CD > Security & Compliance > Security Policies.
- Click on New Policy and select Pipeline Execution Policy.
- Choose Inject in the Actions section and select the project and file containing your YAML snippet.
- Click on Merge in the MR to create a Security Policy Project for storing policies.
Conclusion
Using GitLab Pipeline Execution Policies, you can enforce restrictions on stages or jobs in your pipelines to ensure compliance with corporate standards. Storing YAML code used by policies in a Security Policy Project can help manage access restrictions effectively.