CI Config from configurable branch
Attila
At the moment the Circle CI config is loaded from the current branch. A feature branch can be changed by a single developer. In order to provide more protection for the Circle CI config, it would be nice if it could be configured for a project to take the Circle CI config from a protected branch. So this branch could be protected by branch protection rules. For example, one could configure the main branch as the source of Circle CI config for all the workflow runs of the project, so any workflow run triggered for the Circle CI project would take the configuration from the main branch, independently of the currently built branch. This would enable a higher level of protection of the CI config, since one could configure different branch protection rules for this special branch, including requirements like: changes only via PRs, PRs can be merged only with a specific number of approvals, and no force pushes. This would make it possible to protect the CI configuration from a single compromised developer account, thus enabling higher security standards, which are not available currently.
Dmitry Podshivalov
I totally agree with what Attila stated. We have a similar problem in our organization, and having a possibility to conveniently "lock" the configuration from unauthorized modifications would be very valuable from a security perspective.