We know that to run CI/CD in a certain branch, we use option only in the gitlab-ci.yml
However, as an owner of a project, I don’t want to allow other developers to change the gitlab-ci.yml to run CI/CD in arbitrary branches. Developers have to merge your changes to the master branch to trigger the CI/CD pipeline.
What is the best solution for this case?
Hi,
good point, I had to research myself for protecting the CI config. That actually was made possible with maintaining the CI config in a different repository, if that is an option for you. That was added into the latest 12.6 release.
Cheers,
Michael
Hi Michael,
I read the mentioned article before, but I don’t think using CODEOWNERS file resolves my problems. Developers can still create a new branch and edit gitlab-ci.yml in their branch, and of course, this CI can be triggered.
Regarding your idea, maintaining the CI config in a different repository. Can you tell me more details? How can I trigger CI/CD when the config locates in an external project?
Hi,
actually I was not referring to CODEOWNERS but the possibility to move .gitlab-ci.yml into a different repository only 
Within your Project settings, navigate to CI / CD > General pipelines.
https://docs.gitlab.com/ee/user/project/pipelines/settings.html#custom-ci-configuration-path
Since 12.6 you may also add a URL or relative path like /ops/central-ci/.gitlab-ci-this-project.yml to the configuration. In terms of automating this procedure, the project settings can also be updated via the REST API 
Cheers,
Michael