Commit 80490edf authored by Suzanne Selhorn's avatar Suzanne Selhorn Committed by Phil Hughes

Edited protected branches for CTRT

parent d08dbd1f
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
.col-md-10 .col-md-10
= render partial: "projects/protected_branches/shared/dropdown", locals: { f: f } = render partial: "projects/protected_branches/shared/dropdown", locals: { f: f }
.form-text.text-muted .form-text.text-muted
- wildcards_url = help_page_url('user/project/protected_branches', anchor: 'wildcard-protected-branches') - wildcards_url = help_page_url('user/project/protected_branches', anchor: 'configure-multiple-protected-branches-by-using-a-wildcard')
- wildcards_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: wildcards_url } - wildcards_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: wildcards_url }
= (s_("ProtectedBranch|%{wildcards_link_start}Wildcards%{wildcards_link_end} such as %{code_tag_start}*-stable%{code_tag_end} or %{code_tag_start}production/*%{code_tag_end} are supported.") % { wildcards_link_start: wildcards_link_start, wildcards_link_end: '</a>', code_tag_start: '<code>', code_tag_end: '</code>' }).html_safe = (s_("ProtectedBranch|%{wildcards_link_start}Wildcards%{wildcards_link_end} such as %{code_tag_start}*-stable%{code_tag_end} or %{code_tag_start}production/*%{code_tag_end} are supported.") % { wildcards_link_start: wildcards_link_start, wildcards_link_end: '</a>', code_tag_start: '<code>', code_tag_end: '</code>' }).html_safe
.form-group.row .form-group.row
......
...@@ -26,7 +26,7 @@ relevant compliance standards. ...@@ -26,7 +26,7 @@ relevant compliance standards.
|**[Audit events](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives administrators the ability to view any modifications made within the GitLab server in an advanced audit events system, so you can control, analyze, and track every change. | Premium+ | **{check-circle}** Yes | Instance, Group, Project | |**[Audit events](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives administrators the ability to view any modifications made within the GitLab server in an advanced audit events system, so you can control, analyze, and track every change. | Premium+ | **{check-circle}** Yes | Instance, Group, Project |
|**[Auditor users](auditor_users.md)**<br>Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance. | Premium+ | **{dotted-circle}** No | Instance | |**[Auditor users](auditor_users.md)**<br>Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance. | Premium+ | **{dotted-circle}** No | Instance |
|**[Credentials inventory](../user/admin_area/credentials_inventory.md)**<br>With a credentials inventory, GitLab administrators can keep track of the credentials used by all of the users in their GitLab instance. | Ultimate | **{dotted-circle}** No | Instance | |**[Credentials inventory](../user/admin_area/credentials_inventory.md)**<br>With a credentials inventory, GitLab administrators can keep track of the credentials used by all of the users in their GitLab instance. | Ultimate | **{dotted-circle}** No | Instance |
|**Separation of Duties using [Protected branches](../user/project/protected_branches.md#protected-branches-approval-by-code-owners) and [custom CI Configuration Paths](../ci/pipelines/settings.md#custom-cicd-configuration-file)**<br> GitLab Premium users can leverage the GitLab cross-project YAML configurations to define deployers of code and developers of code. View the [Separation of Duties Deploy Project](https://gitlab.com/guided-explorations/separation-of-duties-deploy/blob/master/README.md) and [Separation of Duties Project](https://gitlab.com/guided-explorations/separation-of-duties/blob/master/README.md) to see how to use this set up to define these roles. | Premium+ | **{check-circle}** Yes | Project | |**Separation of Duties using [Protected branches](../user/project/protected_branches.md#require-code-owner-approval-on-a-protected-branch) and [custom CI Configuration Paths](../ci/pipelines/settings.md#custom-cicd-configuration-file)**<br> GitLab Premium users can leverage the GitLab cross-project YAML configurations to define deployers of code and developers of code. View the [Separation of Duties Deploy Project](https://gitlab.com/guided-explorations/separation-of-duties-deploy/blob/master/README.md) and [Separation of Duties Project](https://gitlab.com/guided-explorations/separation-of-duties/blob/master/README.md) to see how to use this set up to define these roles. | Premium+ | **{check-circle}** Yes | Project |
|**[Compliance frameworks](../user/project/settings/index.md#compliance-frameworks)**<br>Create a custom compliance framework at the group level to describe the type of compliance requirements any child project needs to follow. | Premium+ | **{check-circle}** Yes | Group | |**[Compliance frameworks](../user/project/settings/index.md#compliance-frameworks)**<br>Create a custom compliance framework at the group level to describe the type of compliance requirements any child project needs to follow. | Premium+ | **{check-circle}** Yes | Group |
|**[Compliance pipelines](../user/project/settings/index.md#compliance-pipeline-configuration)**<br>Define a pipeline configuration to run for any projects with a given compliance framework. | Ultimate | **{check-circle}** Yes | Group | |**[Compliance pipelines](../user/project/settings/index.md#compliance-pipeline-configuration)**<br>Define a pipeline configuration to run for any projects with a given compliance framework. | Ultimate | **{check-circle}** Yes | Group |
|**[Compliance dashboard](../user/compliance/compliance_dashboard/index.md)**<br>Quickly get visibility into the compliance posture of your organization. | Ultimate | **{check-circle}** Yes | Group | |**[Compliance dashboard](../user/compliance/compliance_dashboard/index.md)**<br>Quickly get visibility into the compliance posture of your organization. | Ultimate | **{check-circle}** Yes | Group |
...@@ -280,7 +280,7 @@ Example response: ...@@ -280,7 +280,7 @@ Example response:
### Example with user / group level access **(PREMIUM)** ### Example with user / group level access **(PREMIUM)**
Elements in the `allowed_to_push` / `allowed_to_merge` / `allowed_to_unprotect` array should take the Elements in the `allowed_to_push` / `allowed_to_merge` / `allowed_to_unprotect` array should take the
form `{user_id: integer}`, `{group_id: integer}` or `{access_level: integer}`. Each user must have access to the project and each group must [have this project shared](../user/project/members/share_project_with_groups.md). These access levels allow [more granular control over protected branch access](../user/project/protected_branches.md#restricting-push-and-merge-access-to-certain-users) and were [added to the API](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/3516) in GitLab 10.3 EE. form `{user_id: integer}`, `{group_id: integer}`, or `{access_level: integer}`. Each user must have access to the project and each group must [have this project shared](../user/project/members/share_project_with_groups.md). These access levels allow [more granular control over protected branch access](../user/project/protected_branches.md).
```shell ```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/protected_branches?name=*-stable&allowed_to_push%5B%5D%5Buser_id%5D=1" curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/protected_branches?name=*-stable&allowed_to_push%5B%5D%5Buser_id%5D=1"
......
...@@ -301,7 +301,7 @@ A strict security model is enforced when pipelines are executed on ...@@ -301,7 +301,7 @@ A strict security model is enforced when pipelines are executed on
[protected branches](../../user/project/protected_branches.md). [protected branches](../../user/project/protected_branches.md).
The following actions are allowed on protected branches only if the user is The following actions are allowed on protected branches only if the user is
[allowed to merge or push](../../user/project/protected_branches.md#using-the-allowed-to-merge-and-allowed-to-push-settings) [allowed to merge or push](../../user/project/protected_branches.md)
on that specific branch: on that specific branch:
- Run manual pipelines (using the [Web UI](#run-a-pipeline-manually) or [pipelines API](#pipelines-api)). - Run manual pipelines (using the [Web UI](#run-a-pipeline-manually) or [pipelines API](#pipelines-api)).
......
...@@ -72,7 +72,7 @@ the tiers are no longer mentioned in GitLab documentation: ...@@ -72,7 +72,7 @@ the tiers are no longer mentioned in GitLab documentation:
- [Required Approvals](../user/project/merge_requests/approvals/index.md#required-approvals) - [Required Approvals](../user/project/merge_requests/approvals/index.md#required-approvals)
- [Code Owners as eligible approvers](../user/project/merge_requests/approvals/rules.md#code-owners-as-eligible-approvers) - [Code Owners as eligible approvers](../user/project/merge_requests/approvals/rules.md#code-owners-as-eligible-approvers)
- [Approval rules](../user/project/merge_requests/approvals/rules.md) features - [Approval rules](../user/project/merge_requests/approvals/rules.md) features
- [Restricting push and merge access to certain users](../user/project/protected_branches.md#restricting-push-and-merge-access-to-certain-users) - [Restricting push and merge access to certain users](../user/project/protected_branches.md)
- [Visual Reviews](../ci/review_apps/index.md#visual-reviews) - [Visual Reviews](../ci/review_apps/index.md#visual-reviews)
- Metrics and analytics: - Metrics and analytics:
- [Contribution Analytics](../user/group/contribution_analytics/index.md) - [Contribution Analytics](../user/group/contribution_analytics/index.md)
......
...@@ -195,7 +195,7 @@ The following table lists project permissions available for each role: ...@@ -195,7 +195,7 @@ The following table lists project permissions available for each role:
1. Guest users can only view the confidential issues they created themselves. 1. Guest users can only view the confidential issues they created themselves.
1. If **Public pipelines** is enabled in **Project Settings > CI/CD**. 1. If **Public pipelines** is enabled in **Project Settings > CI/CD**.
1. Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [protected branches](project/protected_branches.md). 1. Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [protected branches](project/protected_branches.md).
1. If the [branch is protected](project/protected_branches.md#using-the-allowed-to-merge-and-allowed-to-push-settings), this depends on the access Developers and Maintainers are given. 1. If the [branch is protected](project/protected_branches.md), this depends on the access Developers and Maintainers are given.
1. Guest users can access GitLab [**Releases**](project/releases/index.md) for downloading assets but are not allowed to download the source code nor see repository information like tags and commits. 1. Guest users can access GitLab [**Releases**](project/releases/index.md) for downloading assets but are not allowed to download the source code nor see repository information like tags and commits.
1. Actions are limited only to records owned (referenced) by user. 1. Actions are limited only to records owned (referenced) by user.
1. When [Share Group Lock](group/index.md#prevent-a-project-from-being-shared-with-groups) is enabled the project can't be shared with other groups. It does not affect group with group sharing. 1. When [Share Group Lock](group/index.md#prevent-a-project-from-being-shared-with-groups) is enabled the project can't be shared with other groups. It does not affect group with group sharing.
...@@ -223,7 +223,7 @@ which visibility level you select on project settings. ...@@ -223,7 +223,7 @@ which visibility level you select on project settings.
Additional restrictions can be applied on a per-branch basis with [protected branches](project/protected_branches.md). Additional restrictions can be applied on a per-branch basis with [protected branches](project/protected_branches.md).
Additionally, you can customize permissions to allow or prevent project Additionally, you can customize permissions to allow or prevent project
Maintainers and Developers from pushing to a protected branch. Read through the documentation on Maintainers and Developers from pushing to a protected branch. Read through the documentation on
[Allowed to Merge and Allowed to Push settings](project/protected_branches.md#using-the-allowed-to-merge-and-allowed-to-push-settings) [protected branches](project/protected_branches.md)
to learn more. to learn more.
### Value Stream Analytics permissions ### Value Stream Analytics permissions
......
...@@ -77,7 +77,7 @@ After you've added Code Owners to a project, you can configure it to ...@@ -77,7 +77,7 @@ After you've added Code Owners to a project, you can configure it to
be used for merge request approvals: be used for merge request approvals:
- As [merge request eligible approvers](merge_requests/approvals/rules.md#code-owners-as-eligible-approvers). - As [merge request eligible approvers](merge_requests/approvals/rules.md#code-owners-as-eligible-approvers).
- As required approvers for [protected branches](protected_branches.md#protected-branches-approval-by-code-owners). **(PREMIUM)** - As required approvers for [protected branches](protected_branches.md#require-code-owner-approval-on-a-protected-branch). **(PREMIUM)**
Developer or higher [permissions](../permissions.md) are required to Developer or higher [permissions](../permissions.md) are required to
approve a merge request. approve a merge request.
...@@ -93,11 +93,11 @@ without using [Approval Rules](merge_requests/approvals/rules.md): ...@@ -93,11 +93,11 @@ without using [Approval Rules](merge_requests/approvals/rules.md):
1. Create the file in one of the three locations specified above. 1. Create the file in one of the three locations specified above.
1. Set the code owners as required approvers for 1. Set the code owners as required approvers for
[protected branches](protected_branches.md#protected-branches-approval-by-code-owners). [protected branches](protected_branches.md#require-code-owner-approval-on-a-protected-branch).
1. Use [the syntax of Code Owners files](code_owners.md#the-syntax-of-code-owners-files) 1. Use [the syntax of Code Owners files](code_owners.md#the-syntax-of-code-owners-files)
to specify the actual owners and granular permissions. to specify the actual owners and granular permissions.
Using Code Owners in conjunction with [protected branches](protected_branches.md#protected-branches-approval-by-code-owners) Using Code Owners in conjunction with [protected branches](protected_branches.md#require-code-owner-approval-on-a-protected-branch)
prevents any user who is not specified in the `CODEOWNERS` file from pushing prevents any user who is not specified in the `CODEOWNERS` file from pushing
changes for the specified files/paths, except those included in the changes for the specified files/paths, except those included in the
**Allowed to push** column. This allows for a more inclusive push strategy, as **Allowed to push** column. This allows for a more inclusive push strategy, as
......
...@@ -159,7 +159,7 @@ become eligible approvers in the project. To enable this merge request approval ...@@ -159,7 +159,7 @@ become eligible approvers in the project. To enable this merge request approval
![MR approvals by Code Owners](img/mr_approvals_by_code_owners_v12_7.png) ![MR approvals by Code Owners](img/mr_approvals_by_code_owners_v12_7.png)
You can also You can also
[require code owner approval](../../protected_branches.md#protected-branches-approval-by-code-owners) [require code owner approval](../../protected_branches.md#require-code-owner-approval-on-a-protected-branch)
for protected branches. **(PREMIUM)** for protected branches. **(PREMIUM)**
## Merge request approval segregation of duties **(PREMIUM)** ## Merge request approval segregation of duties **(PREMIUM)**
...@@ -229,4 +229,4 @@ approval rule for certain branches: ...@@ -229,4 +229,4 @@ approval rule for certain branches:
![Scoped to protected branch](img/scoped_to_protected_branch_v13_10.png) ![Scoped to protected branch](img/scoped_to_protected_branch_v13_10.png)
1. To enable this configuration, read 1. To enable this configuration, read
[Code Owner's approvals for protected branches](../../protected_branches.md#protected-branches-approval-by-code-owners). [Code Owner's approvals for protected branches](../../protected_branches.md#require-code-owner-approval-on-a-protected-branch).
This diff is collapsed.
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
%strong= _('Code owner approval is required') %strong= _('Code owner approval is required')
%p %p
= _('At least one approval from a code owner is required to change files matching the respective CODEOWNER rules.') = _('At least one approval from a code owner is required to change files matching the respective CODEOWNER rules.')
= link_to(_('Read more'), help_page_path('user/project/protected_branches.md', anchor: 'protected-branches-approval-by-code-owners')) = link_to(_('Read more'), help_page_path('user/project/protected_branches.md', anchor: 'require-code-owner-approval-on-a-protected-branch'))
.border-bottom .border-bottom
%table.table.m-0 %table.table.m-0
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment