►
From YouTube: Required Pipeline Configuration Alternative
Description
This video was made in response to conversations with Jason Yavorska & Matt Gonzales
https://gitlab.com/groups/gitlab-org/-/epics/3156#note_387526890
A
A
A
How
they're
deploying
out
to
maybe
development
level
environments,
which
is
great
with
and
get
lab,
is
very
empowering
from
that
standpoint,
where
get
lab
might
in
in
some
people's
opinion,
fall
short
as
the
ability
for
a
an
external
team
to
really
dictate
a
few
key
things
within
a
gitlab
yaml
definition
to
ensure
that
certain
things
are
always
happening
for
certain
types
of
projects
say.
Let's
say
that
you
have
a
some
sort
of
compliance
or
hipaa
compliance
or
pci
compliance.
It
would
be
great
to
be
able
to
say
anything
that
requires
pci.
A
So
get
lab's
original
solution,
for
this
was
this
instance
wide,
meaning
that
every
every
applicator
or
every
project
on
a
particular
installation
would
be
required.
A
certain
pipeline
configuration
and
again
this
is
an
instance
wide
setting,
and
it
allows
a
instance
administrator
to
define
a
pipeline
or
pipeline
jobs
that
always
need
to
be
able
to
run.
A
This
solution
is
relying
on
dynamic
child
pipelines
and
it
gives
the
compliance
team,
so
this
compliance
project
yaml
the
ability
to
set
specific
jobs
before
and
after
so
they
have
this
before
stage
and
after
stage,
and
then
these
the
project
stage,
so
they
can
do
their
static
analysis
before
and
their
dynamic
analysis.
After
and
in
the
middle,
let
the
development
teams
utilizing
dynamic.
Child
pipelines
run
their
their
own
gitlab
ammo
file,
that's
totally
dependent
on
on
their
workflow
and
really
what
you
have
to
do.
A
Is
you
just
set
this
custom
ci
configuration
path
within
the
developer
project,
and
when
that
is
set
to
this
external
location,
the
developer
doesn't
have
the
ability
to
modify
this
and
they
get
their
jobs
included
in
their
their
in
their
workflow.
So
we're
back
on
their
separation,
poc,
developer
project
and
we're
seeing
sas
happen
and
dashed
happen,
and
then,
within
this
child
pipeline,
you
see
this
compile
unit
and
dev,
so
the
the
jobs
that
the
developer
cares
about.
A
One
of
the
gaps
here
is
that
parent
or
the
these
dynamic
child
pipelines,
the
artifacts,
are
not
shared
between
the
two,
so
the
sas
artifacts
are
not
propagated
down
and
subsequently,
like
the
test
results,
deploy
results
aren't
propagated
back
up,
meaning
the
merge
request
page
becomes
way
less
valuable
for
the
the
developer.
A
A
another
option
for
this
is-
and
one
of
the
the
other
caveats
here
is
that
the
auditing
team
doesn't
really
have
insight
into
who's.
Who
has
these
enabled?
A
So
this
is
an
additional
modification
of
the
the
last
proposal
that
I
just
presented
and
it
adds
an
additional
stage
called
aldi
audit,
which
is
going
to
kick
off
a
downstream
pipeline.
Using
the
job
trigger
syntax
and
it's
going
to
record
a
all
of
the
the
projects
that
are
calling
this
and
what
so,
when
you
set
the
requiring
record
for
the
developer
project.
A
Now,
when
this
pipeline
kicks
off,
we,
we
actually
see
a
and
now
we're
in
our
compliance
project,
and
you
can
see
that
it's
recording
and
we
we
can
drill
back
into
this,
the
developer
project
and
see
the
sas
run
and
the
dash
run
and
this
record
job
run.
So
it
gives
the
the
compliance
team
some
level
of
insight
into
who's
who's,
utilizing
this.
This
capability.
A
Ideally,
though,
we
wouldn't
have
to
rely
on
these
dynamic
child
pipelines
for
this
and
there's
a
couple
different
options
that
I
think
we
could
pursue.
One
is
the
an
additional
key
within
the
includes
syntax,
which
would
be
relative,
so
relative
would
mean
that
it's
local
to
the
project
running
the
gitlab
yaml
file,
not
the
local,
to
the
the
in
this
instance.
The
compliance
project,
so
relative,
whatever
developer
project,
is
utilizing
this
the
gitlab
yaml
would
be
picked
up
there.
A
A
In
addition
to
this,
the
compliance
framework
seems
to
be
the
best
fit
for
for
pairing
with
this,
so
we
have
within
a
the
developer
project
they
can
specify
which,
which
compliance
framework
they
adhere
to,
and
if
we
had
the
ability
to
tie
a
gitlab
yaml
file.
Here,
we
and
pair
that,
with
this
include
statement,
either
relative
or
remote,
utilizing
the
ci
project
variables,
the
the
compliance
team
can
globally.
You
know,
manage
and
monitor
those
capabilities
and
not
disrupt
everyone
in
a
particular
particular
gitlab
instance.
A
One
other
thing
to
know
is
the
ci
config
path
which
I
was
referencing
before
is
also
available
via
our
get
lab
projects,
api,
which
gives
the
which
gives
the
compliance
team
some
way
to
consistently
monitor
and
ensure
that
the
ci
configuration
path
is
what
it's
supposed
to
be
thanks
for
your
time.
Hopefully,
this
was
helpful.