2025-02-14: failed pipeline after recent changes to Dependency-Scanning.gitlab-ci.yml template

📝 Summary for CMOC notice / Exec summary:

1. Customer Impact: Customers using Dependency Scanning who have also overridden certain configurations had their CI jobs fail.
2. Service Impact: ServiceGitLab Rails
3. Impact Duration: 2025-02-14 11:47 - 2025-02-14 21:49 (602 minutes)
4. Root cause: RootCauseConfig-Change

Customer Impact

This impacts customers using Dependency Scanning and who have overridden the CI/CD configuration of either the dependency_scanning and .ds-analyzer abstract jobs or any final job (gemnasium-dependency_scanning, gemnasium-maven-dependency_scanning, gemnasium-python-dependency_scanning) to change the stage property and don't have a test stage define in their .gitlab-ci.yml CI/CD configuration.

When these cirumstances are met, CI Pipelines are failing with the following error:

dependency-scanning job: chosen stage test does not exist; available stages are .pre, PRE_RUN, CODE_SCAN, BUILD, PACKAGE, DEPLOY, DEPLOY-STAGING, DEPLOY-PERF, DEPLOY-ANP_LIVE, RELEASE-FANOUT, TEST, QUALITY_GATES, ROLLBACK, POST_RUN, .postGo to the pipeline editor

We don't know exactly how many customers are impacted.

• Beginning of the incident: 2025-02-14 11:47
• End of the incident: 2025-02-14 21:49

Workaround

A workaround until the fix is implemented:

1. Add a test (all lowercase) stage to the stages property of your CI/CD definitions,
2. Include an older version of the template.

Current Status

We have identified the issue and are working to revert change: Revert "Merge branch '501103-update_DS_latest_C... (gitlab-org/gitlab!181540 - merged)

More information will be added as we investigate the issue. For customers believed to be affected by this incident, please subscribe to this issue or monitor our status page for further updates.

📚 References and helpful links

Recent Events (available internally only):

• Feature Flag Log - Chatops to toggle Feature Flags Documentation
• Infrastructure Configurations
• GCP Events (e.g. host failure)

Deployment Guidance

• Deployments Log | Gitlab.com Latest Updates
• Reach out to Release Managers for S1/S2 incidents to discuss Rollbacks, Hot Patching or speeding up deployments. | Rollback Runbook | Hot Patch Runbook

Use the following links to create related issues to this incident if additional work needs to be completed after it is resolved:

• Corrective action ❙ Infradev
• Incident Review ❙ Infra investigation followup
• Confidential Support contact ❙ QA investigation

---

Note: In some cases we need to redact information from public view. We only do this in a limited number of documented cases. This might include the summary, timeline or any other bits of information, laid out in our handbook page. Any of this confidential data will be in a linked issue, only visible internally. By default, all information we can share, will be public, in accordance to our transparency value.

Security Note: If anything abnormal is found during the course of your investigation, please do not hesitate to contact security.