Backend: Variable expansion of trigger branch property prevents downstream pipeline from being created

Summary

A branch job in which the branch property of the trigger property is using a variable will always fail with reason: downstream pipeline can not be created.

This is about accessing variables defined in before_script by bridge jobs. (bridge jobs means that a job that has a trigger keyword)

When processing jobs, we run before_script for every single build, but not for bridges. That's why you can access a variable defined in before_script in a build but not in a bridge.

Workaround

We've recently added the documentation about it:

https://docs.gitlab.com/ee/ci/yaml/README.html#trigger

Jobs with trigger can only use a limited set of keywords. For example, you can’t run commands with script, before_script, or after_script.

The only option left is to suggest "Inherit environment variables" feature.

Example:

stages:
  - removeme
  - deploy

before_script:
  - if [ -z "$TARGET_BRANCH" ]; then TARGET_BRANCH="main"; fi
  - echo $TARGET_BRANCH

pass_variable:
  stage: removeme
  script:
    - echo "TARGET_BRANCH=$TARGET_BRANCH" >> build.env
  artifacts:
    reports:
      dotenv: build.env

deploy:
  variables:
    environment: dev
  stage: deploy
  trigger:
    project: group/project
    branch: $TARGET_BRANCH
    strategy: depend

Working example:

• https://gitlab.com/furkanayhan/test-project/-/blob/a7d3298429e534b1949205359e67bccdaa2d681f/.gitlab-ci.yml
• https://gitlab.com/furkanayhan/test-project/-/pipelines/229061876

Steps to reproduce

1. Set up a downstream pipeline with a trigger property as you would normally.
2. Add a branch property to the trigger property. Write the name of an existing branch on the downstream repository, like master/main or the name of a feature branch.
3. Run the pipeline and observe that the downstream pipeline is successfully created.
4. Now change the branch property to use a variable instead, like branch: $CI_TARGET_BRANCH.
5. Manually run the CI pipeline with that, setting variable through the GitLab GUI.
6. The job will instantly fail with reason: downstream pipeline can not be created.

Can reproduce 100% of the time.

Code example

The goal is to create a GitLab CI config that runs the pipeline of a specified downstream branch. The bug occurs when attempting to do it with a variable.

This works, creating a downstream pipeline like normal. But the branch name is hardcoded:

stages:
  - deploy

deploy:
  variables:
    environment: dev
  stage: deploy
  trigger:
    project: group/project
    branch: foo
    strategy: depend

This does not work; although TARGET_BRANCH is set successfully, the job fails because the downstream pipeline can not be created:

stages:
  - removeme
  - deploy

before_script:

  - if [ -z "$TARGET_BRANCH" ]; then TARGET_BRANCH="main"; fi
  - echo $TARGET_BRANCH

test_variable:
  stage: removeme
  script:
    - echo $TARGET_BRANCH

deploy:
  variables:
    environment: dev
  stage: deploy
  trigger:
    project: group/project
    branch: $TARGET_BRANCH
    strategy: depend

If you know what I'm doing wrong, or you have something that does work with variable expansion of the branch property, please share it (along with your GitLab version). Alternate solutions are also welcome, but this one seems like it should work.

GitLab Version on which bug occurs

Self-hosted GitLab Community Edition 12.10.7

What is the current bug behavior?

The job always fails for reason: downstream pipeline can not be created.

What is the expected correct behavior?

The branch property should be set to the value of the variable and the downstream pipeline should be created as normal, just as if you simply hardcoded/typed the name of the branch.

Related issues and merge requests

• #10126 (closed)
• !17430 (merged)

More details

• The ability to use variable expansion in the trigger branch property was added in v12.4, and it's explicitly mentioned in the docs.
• I searched for other .gitlab-ci.yml / GitLab config files. Every single one that attempted to use variable expansion in the branch property had it commented out, saying it was bugged for an unknown reason (example.
  • I haven't been able to find a repository in which someone claimed to have a working variable expansion for the branch property of the trigger property.
• Unfortunately, the alternate solutions are either (a) hardcoding every downstream branch name into the GitLab CI config of the upstream project, or (b) not being able to test changes to the downstream GitLab CI config without first committing them to master/main, or having to use only/except.

---

TL;DR: How to use the value of a variable for the branch property of a bridge job? My current solution makes it so the job fails and the downstream pipeline isn't created.

User Impact

Preventing downstream pipelines from being created when attempting to access variables defined in before_script by bridge jobs.