DAST template job overrides pipeline stages
Summary
The CI template for DAST specifies pipeline stages, potentially overriding stages set elsewhere.
Steps to reproduce
I have a project at enverus/global/pipelines with a CI/CD configuration file named global.yml that includes pipeline stages.
In a project, if I include global.yml and then include the Security/DAST.gitlab-ci.yml template, the template overrides my pipeline stages.
Example Project
N/A
What is the current bug behavior?
The Security/DAST.gitlab-ci.yml template specifies a list of stages (lines 7 to 11).
stages:
- build
- test
- deploy
- dastDepending on include order, this can override pipeline stages declared elsewhere.
What is the expected correct behavior?
The Security/DAST.gitlab-ci.yml template shouldn't be specifying any pipeline stages.
Relevant logs and/or screenshots
global.yml (excerpt):
stages:
- Check
- Build
- Package
- Static Tests
- Review
- Stage
- Dynamic Tests
- Release
- Post-Release
- Evaluate
- CleanupProject .gitlab-ci.yml:
Note that job_a specifies the stage Static Tests declared in global.yml.
include:
- project: enverus/global/pipelines
ref: latest
file: global.yml
- template: Security/DAST.gitlab-ci.yml
job_a:
stage: Static Tests
script:
- echo "Hello, world!"Error from CI Lint:
The Security/DAST.gitlab-ci.yml template has replaced the stages with build, test, deploy, and dast.
Status: syntax is incorrect
job_a job: chosen stage does not exist; available stages are .pre, build, test, deploy, dast, .postOutput of checks
This bug happens on GitLab.com.
Technical details
- Update DAST template to use latest and stable versions
- Delete the stages list on DAST.gitlab-ci.yml#L7-11 in the
latestversion