Commit fbcaaccb authored by Phil Hughes's avatar Phil Hughes

Merge branch 'selhorn-protected-branches-2' into 'master'

Edited protected branches for CTRT

<!-- Follow the documentation workflow https://docs.gitlab.com/ee/development/documentation/workflow.html -->
<!-- Additional information is located at https://docs.gitlab.com/ee/development/documentation/ -->
<!-- To find the designated Tech Writer for the stage/group, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers -->

<!-- Mention "documentation" or "docs" in the MR title -->
<!-- For changing documentation location use the "Change documentation location" template -->

## What does this MR do?

This MR edits the topic for style and consistency. It uses our new topic structure: [Concept Task Reference Troubleshooting (CTRT) standards](https://docs.gitlab.com/ee/development/documentation/structure.html). The idea is to ensure that each topic is clearly a task, a reference topic, a concept, or troubleshooting.

## Related issues

Related to: https://gitlab.com/gitlab-org/gitlab/-/issues/327171

## Author's checklist (required)

- [ ] Follow the [Documentation Guidelines](https://docs.gitlab.com/ee/development/documentation/) and [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/).
- If you have **Developer** permissions or higher:
  - [ ] Ensure that the [product tier badge](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges) is added to doc's `h1`.
  - [ ] Apply the ~documentation label, plus:
    - The corresponding DevOps stage and group labels, if applicable.
    - ~"development guidelines" when changing docs under `doc/development/*`, `CONTRIBUTING.md`, or `README.md`.
    - ~"development guidelines" and ~"Documentation guidelines" when changing docs under `development/documentation/*`.
    - ~"development guidelines" and ~"Description templates (.gitlab/\*)" when creating/updating issue and MR description templates.
  - [ ] [Request a review](https://docs.gitlab.com/ee/development/code_review.html#dogfooding-the-reviewers-feature)
        from the [designated Technical Writer](https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments).

Do not add the ~"feature", ~"frontend", ~"backend", ~"bug", or ~"database" labels if you are only updating documentation. These labels will cause the MR to be added to code verification QA issues.

When applicable:

- [ ] Update the [permissions table](https://docs.gitlab.com/ee/user/permissions.html).
- [ ] Link docs to and from the higher-level index page, plus other related docs where helpful.
- [ ] Add the [product tier badge](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#product-tier-badges) accordingly.
- [ ] Add [GitLab's version history note(s)](https://docs.gitlab.com/ee/development/documentation/styleguide/index.html#gitlab-versions).
- [ ] Add/update the [feature flag section](https://docs.gitlab.com/ee/development/documentation/feature_flags.html).

## Review checklist

All reviewers can help ensure accuracy, clarity, completeness, and adherence to the [Documentation Guidelines](https://docs.gitlab.com/ee/development/documentation/) and [Style Guide](https://docs.gitlab.com/ee/development/documentation/styleguide/).

**1. Primary Reviewer**

* [ ] Review by a code reviewer or other selected colleague to confirm accuracy, clarity, and completeness. This can be skipped for minor fixes without substantive content changes.

**2. Technical Writer**

- [ ] Technical writer review. If not requested for this MR, must be scheduled post-merge. To request for this MR, assign the writer listed for the applicable [DevOps stage](https://about.gitlab.com/handbook/product/categories/#devops-stages).
  - [ ] Ensure docs metadata are present and up-to-date.
  - [ ] Ensure ~"Technical Writing" and ~"documentation" are added.
  - [ ] Add the corresponding `docs::` [scoped label](https://gitlab.com/groups/gitlab-org/-/labels?subscribed=&search=docs%3A%3A).
  - [ ] If working on UI text, add the corresponding `UI Text` [scoped label](https://gitlab.com/groups/gitlab-org/-/labels?subscribed=&search=ui+text).
  - [ ] Add ~"tw::doing" when starting work on the MR.
  - [ ] Add ~"tw::finished" if Technical Writing team work on the MR is complete but it remains open.

For more information about labels, see [Technical Writing workflows - Labels](https://about.gitlab.com/handbook/engineering/ux/technical-writing/workflow/#labels).

For suggestions that you are confident don't need to be reviewed, change them locally
and push a commit directly to save others from unneeded reviews. For example:

- Clear typos, like `this is a typpo`.
- Minor issues, like single quotes instead of double quotes, Oxford commas, and periods.

For more information, see our documentation on [Merging a merge request](https://docs.gitlab.com/ee/development/code_review.html#merging-a-merge-request).

**3. Maintainer**

1. [ ] Review by assigned maintainer, who can always request/require the above reviews. Maintainer's review can occur before or after a technical writer review.
1. [ ] Ensure a release milestone is set.
1. [ ] If there has not been a technical writer review, [create an issue for one using the Doc Review template](https://gitlab.com/gitlab-org/gitlab/issues/new?issuable_template=Doc%20Review).

See merge request gitlab-org/gitlab!63670
parents ac6c128d 80490edf
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
.col-md-10 .col-md-10
= render partial: "projects/protected_branches/shared/dropdown", locals: { f: f } = render partial: "projects/protected_branches/shared/dropdown", locals: { f: f }
.form-text.text-muted .form-text.text-muted
- wildcards_url = help_page_url('user/project/protected_branches', anchor: 'wildcard-protected-branches') - wildcards_url = help_page_url('user/project/protected_branches', anchor: 'configure-multiple-protected-branches-by-using-a-wildcard')
- wildcards_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: wildcards_url } - wildcards_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: wildcards_url }
= (s_("ProtectedBranch|%{wildcards_link_start}Wildcards%{wildcards_link_end} such as %{code_tag_start}*-stable%{code_tag_end} or %{code_tag_start}production/*%{code_tag_end} are supported.") % { wildcards_link_start: wildcards_link_start, wildcards_link_end: '</a>', code_tag_start: '<code>', code_tag_end: '</code>' }).html_safe = (s_("ProtectedBranch|%{wildcards_link_start}Wildcards%{wildcards_link_end} such as %{code_tag_start}*-stable%{code_tag_end} or %{code_tag_start}production/*%{code_tag_end} are supported.") % { wildcards_link_start: wildcards_link_start, wildcards_link_end: '</a>', code_tag_start: '<code>', code_tag_end: '</code>' }).html_safe
.form-group.row .form-group.row
......
...@@ -26,7 +26,7 @@ relevant compliance standards. ...@@ -26,7 +26,7 @@ relevant compliance standards.
|**[Audit events](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives administrators the ability to view any modifications made within the GitLab server in an advanced audit events system, so you can control, analyze, and track every change. | Premium+ | **{check-circle}** Yes | Instance, Group, Project | |**[Audit events](audit_events.md)**<br>To maintain the integrity of your code, GitLab Enterprise Edition Premium gives administrators the ability to view any modifications made within the GitLab server in an advanced audit events system, so you can control, analyze, and track every change. | Premium+ | **{check-circle}** Yes | Instance, Group, Project |
|**[Auditor users](auditor_users.md)**<br>Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance. | Premium+ | **{dotted-circle}** No | Instance | |**[Auditor users](auditor_users.md)**<br>Auditor users are users who are given read-only access to all projects, groups, and other resources on the GitLab instance. | Premium+ | **{dotted-circle}** No | Instance |
|**[Credentials inventory](../user/admin_area/credentials_inventory.md)**<br>With a credentials inventory, GitLab administrators can keep track of the credentials used by all of the users in their GitLab instance. | Ultimate | **{dotted-circle}** No | Instance | |**[Credentials inventory](../user/admin_area/credentials_inventory.md)**<br>With a credentials inventory, GitLab administrators can keep track of the credentials used by all of the users in their GitLab instance. | Ultimate | **{dotted-circle}** No | Instance |
|**Separation of Duties using [Protected branches](../user/project/protected_branches.md#protected-branches-approval-by-code-owners) and [custom CI Configuration Paths](../ci/pipelines/settings.md#custom-cicd-configuration-file)**<br> GitLab Premium users can leverage the GitLab cross-project YAML configurations to define deployers of code and developers of code. View the [Separation of Duties Deploy Project](https://gitlab.com/guided-explorations/separation-of-duties-deploy/blob/master/README.md) and [Separation of Duties Project](https://gitlab.com/guided-explorations/separation-of-duties/blob/master/README.md) to see how to use this set up to define these roles. | Premium+ | **{check-circle}** Yes | Project | |**Separation of Duties using [Protected branches](../user/project/protected_branches.md#require-code-owner-approval-on-a-protected-branch) and [custom CI Configuration Paths](../ci/pipelines/settings.md#custom-cicd-configuration-file)**<br> GitLab Premium users can leverage the GitLab cross-project YAML configurations to define deployers of code and developers of code. View the [Separation of Duties Deploy Project](https://gitlab.com/guided-explorations/separation-of-duties-deploy/blob/master/README.md) and [Separation of Duties Project](https://gitlab.com/guided-explorations/separation-of-duties/blob/master/README.md) to see how to use this set up to define these roles. | Premium+ | **{check-circle}** Yes | Project |
|**[Compliance frameworks](../user/project/settings/index.md#compliance-frameworks)**<br>Create a custom compliance framework at the group level to describe the type of compliance requirements any child project needs to follow. | Premium+ | **{check-circle}** Yes | Group | |**[Compliance frameworks](../user/project/settings/index.md#compliance-frameworks)**<br>Create a custom compliance framework at the group level to describe the type of compliance requirements any child project needs to follow. | Premium+ | **{check-circle}** Yes | Group |
|**[Compliance pipelines](../user/project/settings/index.md#compliance-pipeline-configuration)**<br>Define a pipeline configuration to run for any projects with a given compliance framework. | Ultimate | **{check-circle}** Yes | Group | |**[Compliance pipelines](../user/project/settings/index.md#compliance-pipeline-configuration)**<br>Define a pipeline configuration to run for any projects with a given compliance framework. | Ultimate | **{check-circle}** Yes | Group |
|**[Compliance dashboard](../user/compliance/compliance_dashboard/index.md)**<br>Quickly get visibility into the compliance posture of your organization. | Ultimate | **{check-circle}** Yes | Group | |**[Compliance dashboard](../user/compliance/compliance_dashboard/index.md)**<br>Quickly get visibility into the compliance posture of your organization. | Ultimate | **{check-circle}** Yes | Group |
...@@ -280,7 +280,7 @@ Example response: ...@@ -280,7 +280,7 @@ Example response:
### Example with user / group level access **(PREMIUM)** ### Example with user / group level access **(PREMIUM)**
Elements in the `allowed_to_push` / `allowed_to_merge` / `allowed_to_unprotect` array should take the Elements in the `allowed_to_push` / `allowed_to_merge` / `allowed_to_unprotect` array should take the
form `{user_id: integer}`, `{group_id: integer}` or `{access_level: integer}`. Each user must have access to the project and each group must [have this project shared](../user/project/members/share_project_with_groups.md). These access levels allow [more granular control over protected branch access](../user/project/protected_branches.md#restricting-push-and-merge-access-to-certain-users) and were [added to the API](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/3516) in GitLab 10.3 EE. form `{user_id: integer}`, `{group_id: integer}`, or `{access_level: integer}`. Each user must have access to the project and each group must [have this project shared](../user/project/members/share_project_with_groups.md). These access levels allow [more granular control over protected branch access](../user/project/protected_branches.md).
```shell ```shell
curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/protected_branches?name=*-stable&allowed_to_push%5B%5D%5Buser_id%5D=1" curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/protected_branches?name=*-stable&allowed_to_push%5B%5D%5Buser_id%5D=1"
......
...@@ -301,7 +301,7 @@ A strict security model is enforced when pipelines are executed on ...@@ -301,7 +301,7 @@ A strict security model is enforced when pipelines are executed on
[protected branches](../../user/project/protected_branches.md). [protected branches](../../user/project/protected_branches.md).
The following actions are allowed on protected branches only if the user is The following actions are allowed on protected branches only if the user is
[allowed to merge or push](../../user/project/protected_branches.md#using-the-allowed-to-merge-and-allowed-to-push-settings) [allowed to merge or push](../../user/project/protected_branches.md)
on that specific branch: on that specific branch:
- Run manual pipelines (using the [Web UI](#run-a-pipeline-manually) or [pipelines API](#pipelines-api)). - Run manual pipelines (using the [Web UI](#run-a-pipeline-manually) or [pipelines API](#pipelines-api)).
......
...@@ -72,7 +72,7 @@ the tiers are no longer mentioned in GitLab documentation: ...@@ -72,7 +72,7 @@ the tiers are no longer mentioned in GitLab documentation:
- [Required Approvals](../user/project/merge_requests/approvals/index.md#required-approvals) - [Required Approvals](../user/project/merge_requests/approvals/index.md#required-approvals)
- [Code Owners as eligible approvers](../user/project/merge_requests/approvals/rules.md#code-owners-as-eligible-approvers) - [Code Owners as eligible approvers](../user/project/merge_requests/approvals/rules.md#code-owners-as-eligible-approvers)
- [Approval rules](../user/project/merge_requests/approvals/rules.md) features - [Approval rules](../user/project/merge_requests/approvals/rules.md) features
- [Restricting push and merge access to certain users](../user/project/protected_branches.md#restricting-push-and-merge-access-to-certain-users) - [Restricting push and merge access to certain users](../user/project/protected_branches.md)
- [Visual Reviews](../ci/review_apps/index.md#visual-reviews) - [Visual Reviews](../ci/review_apps/index.md#visual-reviews)
- Metrics and analytics: - Metrics and analytics:
- [Contribution Analytics](../user/group/contribution_analytics/index.md) - [Contribution Analytics](../user/group/contribution_analytics/index.md)
......
...@@ -195,7 +195,7 @@ The following table lists project permissions available for each role: ...@@ -195,7 +195,7 @@ The following table lists project permissions available for each role:
1. Guest users can only view the confidential issues they created themselves. 1. Guest users can only view the confidential issues they created themselves.
1. If **Public pipelines** is enabled in **Project Settings > CI/CD**. 1. If **Public pipelines** is enabled in **Project Settings > CI/CD**.
1. Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [protected branches](project/protected_branches.md). 1. Not allowed for Guest, Reporter, Developer, Maintainer, or Owner. See [protected branches](project/protected_branches.md).
1. If the [branch is protected](project/protected_branches.md#using-the-allowed-to-merge-and-allowed-to-push-settings), this depends on the access Developers and Maintainers are given. 1. If the [branch is protected](project/protected_branches.md), this depends on the access Developers and Maintainers are given.
1. Guest users can access GitLab [**Releases**](project/releases/index.md) for downloading assets but are not allowed to download the source code nor see repository information like tags and commits. 1. Guest users can access GitLab [**Releases**](project/releases/index.md) for downloading assets but are not allowed to download the source code nor see repository information like tags and commits.
1. Actions are limited only to records owned (referenced) by user. 1. Actions are limited only to records owned (referenced) by user.
1. When [Share Group Lock](group/index.md#prevent-a-project-from-being-shared-with-groups) is enabled the project can't be shared with other groups. It does not affect group with group sharing. 1. When [Share Group Lock](group/index.md#prevent-a-project-from-being-shared-with-groups) is enabled the project can't be shared with other groups. It does not affect group with group sharing.
...@@ -223,7 +223,7 @@ which visibility level you select on project settings. ...@@ -223,7 +223,7 @@ which visibility level you select on project settings.
Additional restrictions can be applied on a per-branch basis with [protected branches](project/protected_branches.md). Additional restrictions can be applied on a per-branch basis with [protected branches](project/protected_branches.md).
Additionally, you can customize permissions to allow or prevent project Additionally, you can customize permissions to allow or prevent project
Maintainers and Developers from pushing to a protected branch. Read through the documentation on Maintainers and Developers from pushing to a protected branch. Read through the documentation on
[Allowed to Merge and Allowed to Push settings](project/protected_branches.md#using-the-allowed-to-merge-and-allowed-to-push-settings) [protected branches](project/protected_branches.md)
to learn more. to learn more.
### Value Stream Analytics permissions ### Value Stream Analytics permissions
......
...@@ -77,7 +77,7 @@ After you've added Code Owners to a project, you can configure it to ...@@ -77,7 +77,7 @@ After you've added Code Owners to a project, you can configure it to
be used for merge request approvals: be used for merge request approvals:
- As [merge request eligible approvers](merge_requests/approvals/rules.md#code-owners-as-eligible-approvers). - As [merge request eligible approvers](merge_requests/approvals/rules.md#code-owners-as-eligible-approvers).
- As required approvers for [protected branches](protected_branches.md#protected-branches-approval-by-code-owners). **(PREMIUM)** - As required approvers for [protected branches](protected_branches.md#require-code-owner-approval-on-a-protected-branch). **(PREMIUM)**
Developer or higher [permissions](../permissions.md) are required to Developer or higher [permissions](../permissions.md) are required to
approve a merge request. approve a merge request.
...@@ -93,11 +93,11 @@ without using [Approval Rules](merge_requests/approvals/rules.md): ...@@ -93,11 +93,11 @@ without using [Approval Rules](merge_requests/approvals/rules.md):
1. Create the file in one of the three locations specified above. 1. Create the file in one of the three locations specified above.
1. Set the code owners as required approvers for 1. Set the code owners as required approvers for
[protected branches](protected_branches.md#protected-branches-approval-by-code-owners). [protected branches](protected_branches.md#require-code-owner-approval-on-a-protected-branch).
1. Use [the syntax of Code Owners files](code_owners.md#the-syntax-of-code-owners-files) 1. Use [the syntax of Code Owners files](code_owners.md#the-syntax-of-code-owners-files)
to specify the actual owners and granular permissions. to specify the actual owners and granular permissions.
Using Code Owners in conjunction with [protected branches](protected_branches.md#protected-branches-approval-by-code-owners) Using Code Owners in conjunction with [protected branches](protected_branches.md#require-code-owner-approval-on-a-protected-branch)
prevents any user who is not specified in the `CODEOWNERS` file from pushing prevents any user who is not specified in the `CODEOWNERS` file from pushing
changes for the specified files/paths, except those included in the changes for the specified files/paths, except those included in the
**Allowed to push** column. This allows for a more inclusive push strategy, as **Allowed to push** column. This allows for a more inclusive push strategy, as
......
...@@ -159,7 +159,7 @@ become eligible approvers in the project. To enable this merge request approval ...@@ -159,7 +159,7 @@ become eligible approvers in the project. To enable this merge request approval
![MR approvals by Code Owners](img/mr_approvals_by_code_owners_v12_7.png) ![MR approvals by Code Owners](img/mr_approvals_by_code_owners_v12_7.png)
You can also You can also
[require code owner approval](../../protected_branches.md#protected-branches-approval-by-code-owners) [require code owner approval](../../protected_branches.md#require-code-owner-approval-on-a-protected-branch)
for protected branches. **(PREMIUM)** for protected branches. **(PREMIUM)**
## Merge request approval segregation of duties **(PREMIUM)** ## Merge request approval segregation of duties **(PREMIUM)**
...@@ -229,4 +229,4 @@ approval rule for certain branches: ...@@ -229,4 +229,4 @@ approval rule for certain branches:
![Scoped to protected branch](img/scoped_to_protected_branch_v13_10.png) ![Scoped to protected branch](img/scoped_to_protected_branch_v13_10.png)
1. To enable this configuration, read 1. To enable this configuration, read
[Code Owner's approvals for protected branches](../../protected_branches.md#protected-branches-approval-by-code-owners). [Code Owner's approvals for protected branches](../../protected_branches.md#require-code-owner-approval-on-a-protected-branch).
This diff is collapsed.
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
%strong= _('Code owner approval is required') %strong= _('Code owner approval is required')
%p %p
= _('At least one approval from a code owner is required to change files matching the respective CODEOWNER rules.') = _('At least one approval from a code owner is required to change files matching the respective CODEOWNER rules.')
= link_to(_('Read more'), help_page_path('user/project/protected_branches.md', anchor: 'protected-branches-approval-by-code-owners')) = link_to(_('Read more'), help_page_path('user/project/protected_branches.md', anchor: 'require-code-owner-approval-on-a-protected-branch'))
.border-bottom .border-bottom
%table.table.m-0 %table.table.m-0
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment