Hide code of included pipelines from external users?


Our current infrastructure hosts a lot of projects on our private GitLab EE instance.
To manage our projects consistently, we have a main repo for all our DevOps pipelines that these projects use.

The main problem is, that to be able to even trigger pipelines, external users need at least Reporter access to our shared pipelines repository. As soon as we only add them as Guest users, they won’t see the code but they also cannot trigger pipelines.

But we do not want to have external users see any of the pipeline code, but still be able to trigger pipelines. We are kind of protective of the work we did over the last years as it cost a lot of time and testing to get where we are now. And because customers are lately starting to demand having full ownership of their source code, there is a chance that somebody will try to copy our pipeline configuration to get a quick start for their own infrastructure. While the pipelines themselves won’t get them anywhere, we still do not want them to access these sources.

Isn’t there any way to solve this issue?