Deploy key doesn't trigger pipeline if key owner is not member of the project
Summary
Hello, i have a Gitlab CI user on my Gitlab EE 11.0 instance which has some rights on various project. One right is to use the deploy key named Gitlab CI on all projects. This key seems to be attached to this user in the database, it's right. I added this key, with write perms on a repository, and unless i add Gitlab CI user as a member of the project, the deploy key push doesn't trigger any pipeline.
Steps to reproduce
- Create a Gitlab CI user
- Add a specific SSH key for deployments (Gitlab CI named key)
- Create a random project
- Add Gitlab CI deploy key on the random project & set write perms
- Run a single CI pipeline step which performs a
git tag 1.0.0
the current commit
Example Project
Not relevant, pipeline is simple.
What is the current bug behavior?
- Tag is pushed but no pipeline is triggered.
Note: pipeline is triggered when Gitlab CI user is maintainer of the project.
What is the expected correct behavior?
- Tag push triggers a pipeline.
Relevant logs and/or screenshots
App logs are not relevant here
Output of checks
Not relevant
Results of GitLab environment info
Not relevant
Results of GitLab application Check
Not relevant
Possible fixes
Two possible fixes:
- Add a check case to permit pipeline triggering on those deploy write keys (default true)
- Just trigger the pipeline when push is performed and user owning deploy key is not project maintainer.