diff options
author | Zuul <zuul@review.opendev.org> | 2023-01-17 19:16:16 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2023-01-17 19:16:16 +0000 |
commit | 28eefca0de89a9f30d4698b3ad49e6579ee2e6fb (patch) | |
tree | 3aaa1f73a02d224b48330e8486d1e8486a715287 /releasenotes/notes | |
parent | 8e69a631f8eaf680782ab37f3c2da872351a1a2d (diff) | |
parent | 3f3101216e54e8e1ae5cac658ae8910ccc5efcbd (diff) | |
download | zuul-28eefca0de89a9f30d4698b3ad49e6579ee2e6fb.tar.gz |
Merge "Honor independent pipeline requirements for non-live changes"
Diffstat (limited to 'releasenotes/notes')
-rw-r--r-- | releasenotes/notes/non-live-pipeline-requirements-aa173bd86b332e63.yaml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/releasenotes/notes/non-live-pipeline-requirements-aa173bd86b332e63.yaml b/releasenotes/notes/non-live-pipeline-requirements-aa173bd86b332e63.yaml new file mode 100644 index 000000000..052d5b255 --- /dev/null +++ b/releasenotes/notes/non-live-pipeline-requirements-aa173bd86b332e63.yaml @@ -0,0 +1,29 @@ +--- +features: + - | + A new pipeline attribute, + :attr:`pipeline.allow-other-connections`, has been added + to ensure that only changes from connections which + are mentioned in the pipeline configuration (such as triggers, + reporters, or pipeline requirements) are enqueued. +security: + - | + Non-live items are now subject to pipeline requirements for + independent pipelines. + + Previously, an optimization for independent pipelines skipped + checking that a change met the pipeline requirements. If an + independent pipeline is intended only to run reviewed code, this + could allow running unreviewed code by updating dependent changes. + + Now both non-live and live items are subject to pipeline + requirements in all pipeline managers. + + - | + The new `allow-other-connections` pipeline configuration option + may now be used to ensure that only changes from connections which + are mentioned in the pipeline configuration (such as triggers, + reporters, or pipeline requirements) are enqueued. This allows + the construction of a pipeline where, for example, code review + requirements are strictly enforced, even for dependencies which + are not normally directly enqueued. |