diff options
Diffstat (limited to 'doc/user/project/merge_requests/confidential.md')
-rw-r--r-- | doc/user/project/merge_requests/confidential.md | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/doc/user/project/merge_requests/confidential.md b/doc/user/project/merge_requests/confidential.md new file mode 100644 index 00000000000..b50c5ee0ea9 --- /dev/null +++ b/doc/user/project/merge_requests/confidential.md @@ -0,0 +1,73 @@ +--- +stage: Create +group: Code Review +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +--- + +# Merge requests for confidential issues + +> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/58583) in GitLab 12.1. + +Merge requests in a public repository are also public, even when the merge +request is created for a [confidential issue](../issues/confidential_issues.md). +To avoid leaking confidential information when working on a confidential issue, +create your merge request from a private fork. + +Roles are inherited from parent groups. If you create your private fork in the +same group or subgroup as the original (public) repository, developers receive +the same permissions in your fork. This inheritance ensures: + +- Developer users have the needed permissions to view confidential issues and resolve them. +- You do not need grant individual users access to your fork. + +The [security practices for confidential merge requests](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#security-releases-critical-non-critical-as-a-developer) at GitLab are available to read. + +## Create a confidential merge request + +WARNING: +To create a confidential merge request, you must create a private fork. This fork +may expose confidential information, if you create your fork in another namespace +that may have other members. + +Branches are public by default. To protect the confidentiality of your work, you +must create your changes in a private fork. + +Prerequisites: + +- You have the Owner or Maintainer role in the public repository, as you need one + of these roles to [create a subgroup](../../group/subgroups/index.md). +- You have [forked](../repository/forking_workflow.md) the public repository. +- Your fork has a **Visibility level** of _Private_. + +To create a confidential merge request: + +1. Go to the confidential issue's page. Scroll below the issue description and + select **Create confidential merge request**. +1. Select the item that meets your needs: + - *To create both a branch and a merge request,* select + **Create confidential merge request and branch**. Your merge request will + target the default branch of your fork, *not* the default branch of the + public upstream project. + - *To create only a branch,* select **Create branch**. +1. Select a **Project** to use. These projects have merge requests enabled, and + you have the Developer role (or greater) in them. +1. Provide a **Branch name**, and select a **Source (branch or tag)**. GitLab + checks whether these branches are available in your private fork, because both + branches must be available in your selected fork. +1. Select **Create**. + +If you created a branch in your private fork, users with the Developer role in the +public repository can push code to that branch in your private fork to fix the +confidential issue. + +As your merge request targets your private fork, not the public upstream project, +your branch, merge request, and commits do not enter the public repository. This +prevents prematurely revealing confidential information. + +To make a confidential commit public, open a merge request from the private fork +to the public upstream project. + +## Related links + +- [Confidential issues](../issues/confidential_issues.md) +- [Security practices for confidential merge requests](https://gitlab.com/gitlab-org/release/docs/blob/master/general/security/developer.md#security-releases-critical-non-critical-as-a-developer) at GitLab |