Advanced scenario examples¶
Worked Scenario Outline examples for matrix-style policies. For syntax and value-spec rules, see Advanced scenarios.
Variable allowlist matrix¶
Require specific pipeline variables and constrain their values without writing one scenario per key:
Feature: Pipeline variable allowlist
Scenario Outline: Pipeline variables must match allowed patterns
Given I have any variable defined
When its key is <name>
Then its value must match "<pattern>"
Examples:
| name | pattern |
| APPLICATION | .+ |
| ENVIRONMENT | prod,uat,dev |
| ROLE | ^(backend\|frontend\|ops)$ |
ENVIRONMENTwith cellprod,uat,devaccepts any of those three literals.ROLEuses regex alternation; the^anchor prevents comma-list parsing.
Conditional component input matrix¶
When a component inputs value constrains another field:
Feature: Component input constraints
Scenario Outline: Component input mode constrains dependent fields
Given I have include type "component" defined
When the entity input <input> equals <value>
Then its <conditional key> must match "<conditional value>"
Examples:
| input | value | conditional key | conditional value |
| mode | execute | workflow | trunk,main |
| mode | dry-run | workflow | gitops |
Example pipeline fragment that satisfies both rows:
include:
- component: gitlab.com/org/my-component@1.0.0
inputs:
mode: execute
workflow: trunk
- component: gitlab.com/org/my-component@1.0.0
inputs:
mode: dry-run
workflow: gitops
A row fails when, for example, mode: execute is paired with workflow: gitops.
Bundled outline policies¶
Enable the package baseline pack alongside your own policies:
gitlab-compliance check -f policies/ -p .gitlab-ci.yml --with-builtin
Bundled files under src/compliance/builtin_policies/ include:
| File | Outline purpose |
|---|---|
variable-allowlist.feature |
Variable key / pattern matrix |
component-inputs.feature |
Conditional component input matrix |
baseline-jobs.feature |
Plain scenarios (image tag, rules) |
include-pinning.feature |
Plain scenarios (component semver) |