DAST template job overrides pipeline stages (#254325) · Issues · GitLab.org / GitLab

DAST template job overrides pipeline stages

Summary

The CI template for DAST specifies pipeline stages, potentially overriding stages set elsewhere.

Steps to reproduce

I have a project at enverus/global/pipelines with a CI/CD configuration file named global.yml that includes pipeline stages.

In a project, if I include global.yml and then include the Security/DAST.gitlab-ci.yml template, the template overrides my pipeline stages.

Example Project

N/A

What is the current bug behavior?

The Security/DAST.gitlab-ci.yml template specifies a list of stages (lines 7 to 11).

stages:
  - build
  - test
  - deploy
  - dast

Depending on include order, this can override pipeline stages declared elsewhere.

What is the expected correct behavior?

The Security/DAST.gitlab-ci.yml template shouldn't be specifying any pipeline stages.

Relevant logs and/or screenshots

global.yml (excerpt):

stages:
  - Check
  - Build
  - Package
  - Static Tests
  - Review
  - Stage
  - Dynamic Tests
  - Release
  - Post-Release
  - Evaluate
  - Cleanup

Project .gitlab-ci.yml:

Note that job_a specifies the stage Static Tests declared in global.yml.

include:
  - project: enverus/global/pipelines
    ref: latest
    file: global.yml
  - template: Security/DAST.gitlab-ci.yml

job_a:
  stage: Static Tests
  script:
    - echo "Hello, world!"

Error from CI Lint:

The Security/DAST.gitlab-ci.yml template has replaced the stages with build, test, deploy, and dast.

Status: syntax is incorrect

job_a job: chosen stage does not exist; available stages are .pre, build, test, deploy, dast, .post

Output of checks

This bug happens on GitLab.com.

Technical details

Update DAST template to use latest and stable versions
Delete the stages list on DAST.gitlab-ci.yml#L7-11 in the latest version

Edited Nov 09, 2020 by Avielle Wolfe