At commit time
When TULEAP-XXX is present in a commit message, a Merge Request (MR) title or description or in a tag:
- and XXX is an artifact that is part of the Tuleap project the GitLab repository is integrated with
- and XXX has a title semantic
- and the title field is readable by "all_users" (regardless of the permission of the project)
Then the Tuleap Bot comments with the message:
This X references: [TULEAP-XXX title](https://...).
Artifact lifecycle
When the title of artifact XXX is updated and the permissions of the field are still READ for all_users, Tuleap Bot will push the new title:
Referenced Tuleap artifact TULEAP-XXX was renamed to [TULEAP-XXX new title](https://...).
Security guards
Protections against possible exfiltration of data by a malicious GitLab user, that is, someone using the GitLab instance to craft commits or MRs that enumerate Tuleap artifacts ("TULEAP-1, TULEAP-2, ...") to get access to data that might be confidential on the Tuleap instance.
To prevent this exfiltration of data:
- When a GitLab repository is linked to a Tuleap project, references (TULEAP-XXX) can only be made to artifacts within that project (artifact 1234 must be part of the Tuleap project).
  - If it's not, the Tuleap Bot will comment on the MR with "TULEAP-XXX not found in project YYYY".
- For the title to be included in the message, the data must already be public:
  - The platform must be open to anonymous users.
  - The Tuleap project the referenced artifact belongs to must be public.
  - The tracker the artifact belongs to must be accessible to "all_users".
  - The Read permission of the Title field must be set to "all_users"; otherwise it's only the bare link.
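
The guards listed above can be read as a single decision per reference. The sketch below is an added example, not Tuleap's code: the `Artifact` fields, the function names, the sample data, the bare-link wording and the identical reply for unknown ids are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

REF = re.compile(r"\bTULEAP-(\d+)\b")

@dataclass(frozen=True)
class Artifact:  # hypothetical flattened view, not Tuleap's data model
    project: str
    url: str
    title: Optional[str]         # None when there is no title semantic
    platform_anonymous: bool     # platform open to anonymous
    project_public: bool
    tracker_all_users: bool      # tracker accessible to "all_users"
    title_read_all_users: bool   # Read on the Title field for "all_users"

def title_is_public(a: Artifact) -> bool:
    """All four conditions must hold, otherwise the title is withheld."""
    return (a.title is not None and a.platform_anonymous and a.project_public
            and a.tracker_all_users and a.title_read_all_users)

def bot_comments(text, kind, linked_project, artifacts):
    """Return the bot comments for the references found in `text`."""
    comments = []
    for art_id in dict.fromkeys(int(n) for n in REF.findall(text)):
        a = artifacts.get(art_id)
        if a is None or a.project != linked_project:
            # Assumption: an unknown id and an id from another project get
            # the same answer, so the reply is not an existence oracle.
            comments.append(f"TULEAP-{art_id} not found in project {linked_project}")
        elif title_is_public(a):
            comments.append(f"This {kind} references: [TULEAP-{art_id} {a.title}]({a.url}).")
        else:
            # Bare link only; its exact wording is assumed here.
            comments.append(f"This {kind} references: [TULEAP-{art_id}]({a.url}).")
    return comments

# Constructed sample data (project names and URLs are made up).
BASE = "https://tuleap.example.test/a/"
SAMPLE = {
    1: Artifact("alpha", BASE + "1", "Login fails", True, True, True, True),
    2: Artifact("alpha", BASE + "2", "Payroll export", True, True, True, False),
    3: Artifact("beta", BASE + "3", "Roadmap", True, True, True, True),
}

if __name__ == "__main__":
    msg = "Fix TULEAP-1 and TULEAP-2, see TULEAP-3 and TULEAP-999"
    for line in bot_comments(msg, "commit", "alpha", SAMPLE):
        print(line)
```

In the sample run, an enumeration attempt against TULEAP-3 (another project) and TULEAP-999 (nonexistent) produces the same "not found" comment, and TULEAP-2 yields a link without its title.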