Problem to solve
We have existing centrally managed GitLab templates distributed through jobs and workflows. We have added security jobs to these templates and want to enforce them in such a way that:
• When a specific version of the template is used, the security jobs will automatically run.
• Application teams cannot bypass, skip, or ignore these security tasks, even if they fail.
Could using rules with conditions like when: always and setting allow_failure: false help enforce this? Additionally, how can we ensure that users cannot modify these configurations in a way that bypasses governance or weakens security requirements?
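As an added example (not part of the original post), the sketch below models the concern raised in the question: settings such as when: always and allow_failure: false in an included template are merged with the project's own .gitlab-ci.yml, and the project's values take precedence, so the effective job has to be compared with the template. The job names, script lines, sample project files and the simplified merge function are assumptions made for illustration.

```python
# Added example: detect when a project's CI file weakens a centrally enforced job.
# Job names, script lines and sample configs are constructed for illustration.
ENFORCED_KEYS = ("stage", "script", "rules", "when", "allow_failure")

# Central template as the question describes it: always run, failure blocks.
TEMPLATE = {
    "sast-scan": {
        "stage": "test",
        "script": ["./run-sast.sh"],  # hypothetical scanner entry point
        "rules": [{"when": "always"}],
        "allow_failure": False,
    },
}

def deep_merge(base, override):
    """Simplified model of include merging: nested mappings merge key by key,
    any other value from `override` (the project file) replaces the base."""
    merged = dict(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = deep_merge(merged[key], value)
        else:
            merged[key] = value
    return merged

def find_drift(template, project):
    """Return findings for enforced jobs whose effective settings differ
    from the template after the project file has been merged in."""
    effective = deep_merge(template, project)
    findings = []
    for name, wanted in sorted(template.items()):
        job = effective.get(name)
        if not isinstance(job, dict):
            findings.append(f"{name}: job removed or not a mapping")
            continue
        for key in ENFORCED_KEYS:
            if job.get(key) != wanted.get(key):
                findings.append(f"{name}: '{key}' is {job.get(key)!r}, template has {wanted.get(key)!r}")
    return findings

# Constructed project files: one only adds its own job, one redefines the scan.
PROJECT_CLEAN = {"build": {"stage": "build", "script": ["make"]}}
PROJECT_WEAKENED = {
    "sast-scan": {"rules": [{"when": "manual"}], "allow_failure": True},
    "build": {"stage": "build", "script": ["make"]},
}

if __name__ == "__main__":
    for label, project in (("clean", PROJECT_CLEAN), ("weakened", PROJECT_WEAKENED)):
        print(label, find_drift(TEMPLATE, project) or "no drift")
```

A check like this only has value when it runs somewhere the project's maintainers cannot edit.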