From YouTube: GitLab 15.3 Kickoff - Verify:Pipeline Authoring
A
Hi everyone, this is Dr Oshkovic. I'm here joined by Nadia Satikova, our UX design. This is the Pipeline Authoring 15.3 kickoff video. Let me go ahead and share our planning issue. So, as always, we do have a planning issue, issue number 67, underneath the Pipeline Authoring group, where we discuss the scope of this milestone.
A
The goals of this milestone: there is one main goal, which is improving our secret management integration by moving the JWT OpenID token from alpha to GA, and so we have one last front-end issue that we want to complete, and we can do that. But let me just dive into this issue and explain a little bit. What does it mean?
A
Method number one: up until today, the JWT token was available as a variable across all your pipelines and all your jobs, which means that all you need is one compromised job for this token to be leaked. Now, there is no real need for this token to be shared across all your jobs in your pipeline, because there are specific jobs that need to be authenticated against different third parties.
A
So the first thing that we are doing is allowing users to opt in the token, so whenever they want to use the token they need to declare that token for a specific job, and it is listed in the backend issue here. So whenever you have a job name, you declare, use the secret keyword, and then you give a name, and this is the name of a variable which will be used as the token, and so on. This is the first layer. The second layer is configuring
A
The audience claim: this is where you specify where you want to technically authenticate against. Up until today, in the old method, we didn't have a way to configure the audience claim, which means that if you use the JWT token, you could actually use it against any other third party, which is not secure because, again, if this token is leaked, it can be used against different third parties. And with the audience claim you can scope and narrow exactly where you want this token to be authenticated against.
A
So this is the second layer of protection that we'll have: one is opting in the token, two is configuring the audience claim. And this entire work, as I mentioned, we have two versions of the token. We will allow users to opt in for the most secured way, because we want to make sure we maintain backward compatibility.
A
There won't be, this switch button won't be available, and this will be the only way to authenticate and use the JWT token, so we'll obviously announce it as a part of the breaking changes, but for now users will be able to opt in the token. This is the main focus of the milestone. Of course, we have more work that is building more foundations around the way we are using variables. But this is something that we'll discuss in the next iteration, also in the next milestone.
A
B
Next, I will be working on the design for this issue that will allow you to lift or, like, manage the limit for the parsed YAML size in your project. So currently GitLab limits the parsed YAML size in your project and some of our customers are hitting this limitation. So we want to add a setting that allows you to manage that limit.
B
Another issue has to do with surfacing information about runner setup during CI/CD onboarding. So, as you are onboarding with CI/CD, if you are a self-managed user, you will need to set up your own runner. If you are a SaaS user, you will probably have access to shared runners, but they can also be disabled, in which case you will still have to set up your own runners.
B
So we need to surface this information during CI/CD onboarding at some point before you start creating your pipeline configuration, because we don't want users to have failed pipelines because they don't have runners set up yet. So it's the step that they have to complete first, so we will be making it part of your CI/CD onboarding flow. And the other issue is the research issue that I will be working on. As we're starting our work around secrets management, I'll be doing a meta-analysis research, diving into all of the existing research issues that we've completed around secrets management and validating our secret jobs to be done, to prepare us for their work to come and for category maturity scorecard in the future.