Protected runner executes jobs on protected branch [Solution 1]
What does this MR do?
This MR is continued from https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13192. To accomplish this feature, we need to implement a mechanism for "Protected runner executes jobs on protected branch. Unprotected runner executes jobs on unprotected branch". However, there is a technical challenge that ci_builds doesn't have data whether the ref is protected or not.
This MR addresses the challenge with Solution 1.
Solution 1. Persists
protected
(ref) flag onci_pipelines
table.builds_for_shared_runner
andbuilds_for_specific_runner
read the flag instead of executingprotected_for?
one by one.
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13192#note_36332863
Update Aug 21st
We expand ci_biulds
instead of ci_pipelines
. See https://gitlab.com/gitlab-org/gitlab-ce/issues/33281#note_37674757.
Compared with solution2
-
Pro
-
Fast
-
Scalable
-
Con
-
If user changes the ref protection, do we need to update the corresponded data on ci_pipelines? https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/13192#note_36334215
-
Alter column on ci_pipelines
Are there points in the code the reviewer needs to double check?
How should we mark the protected
flag on ci_biulds
? Do we leverage it by only protected-branch-or-not?
Why was this MR needed?
This is aimed for %10.0
Screenshots (if relevant)
Edit Show When there is a only protected runnners and a job was created on a unprotected branch
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated -
API support added - Tests
-
Added for this feature/bug -
All builds are passing
-
- Review
- [-] Has been reviewed by UX
- [-] Has been reviewed by Frontend
-
Has been reviewed by Backend - [-] Has been reviewed by Database
-
Conform by the merge request performance guides -
Conform by the style guides -
Branch has no merge conflicts with master
(if it does - rebase it please) -
Squashed related commits together