Feature: Multi-project governance and cross-project Task Template reuse

[Daudemard]

Related to

Web-Frontend (what users interact with)

Impact

major improvement to user experience

Missing Feature

Semaphore UI lacks multi-project governance capabilities: Task Templates are restricted to a single project and cannot be reused across projects, and Views are purely visual without any permission model.

In CI/CD environments, this prevents a clean separation of responsibilities (build vs deploy) and forces teams to either duplicate build logic across projects or keep build and production deployment tasks in the same project. As a result, pipelines become harder to maintain, consistency is harder to guarantee, and it is difficult to enforce strong access restrictions for production workflows.

Implementation

Please implement cross-project Task Template reuse while keeping projects as the security boundary.

1. Cross-project Task Template reference

• In the task creation flow, allow selecting a Task Template from another project.
• The referenced template must be read-only in the consuming project:
  • no edit, no overwrite, no “save back” to the source project
• The consuming task must still support task-level customization (like deploy tasks today):
  • tags
  • variables / env vars
  • task-specific parameters

2. Project-based governance (Build / Deploy separation)

• Support/encourage a structure where:
  • Build/Dev project: contains only build-related templates; restricted write access
  • Production project: contains only deployment tasks; strongly restricted access
• Deployment tasks should be able to reference a specific build output produced by the Build project:
  • artifact selection (by build ID/version/commit/tag)
  • consume build metadata/variables as inputs
• Optional: enforce a validation/approval gate:
  • only “validated” builds/artifacts can be selected for production deployment

3. Permission and visibility rules

• Projects remain the unit of access control.
• Cross-project template usage must respect source-project permissions:
  • users without access to the source project cannot browse/select its templates
  • consuming project users can execute tasks based on referenced templates but cannot modify them
• Views remain purely organizational and do not change permissions.

UI/UX suggestion

• In the task creation wizard, add a "Template source" selector:
  • "This project" (default)
  • "Other project..." -> project dropdown -> template dropdown
• Display template origin clearly (Project / Template name).
• Mark referenced templates as "Referenced (read-only)" in the UI.
• For deploy tasks, add an optional "Build selection" step to pick an existing validated build/artifact.

Design

No response