Update CI Template guidelines to recommend avoiding before_script and after_script for job templates
Problem to solve
Within devopssecure we have often talked about avoiding before_script
and after_script
usage to avoid conflicting with user expectations. This seems fairly consistent across our templates, except for:
-
Coverage-Fuzzing.gitlab-ci.yml
-> usesbefore_script
for setup. -
Security/DAST.latest.gitlab-ci.yml
-> Usesafter_script
to delete logs. -
Jobs/Deploy/ECS.gitlab-ci.yml
-> Usesafter_script
to output environment name to anenvironment_url.txt
artifact (not sure why). -
Jobs/Helm-2to3.gitlab-ci.yml
-> Usesbefore_script
to set up environment before runningscript
commands. - Also, many of the "example" templates in
ci/templates/*.yml
make use of either keyword, likeAndroid-Fastlane.gitlab-ci.yml
,OpenShift.gitlab-ci.yml
, etc.
By limiting the usage of these keywords in our job templates we can better guarantee customer flexibility and prevent side-effects when non-standard template fields are modified.
See related discussion #7020 (comment 479809593)
Proposal
Similarly to the existing best practices we should add before_script
and after_script
to the keywords to be avoided to reserve for customer usage in modifying job setup and cleanup.
This should be reserved to "job templates" which are often overridden, where "project templates" are focused on a complete workflow.
Who can address the issue
Edited by Lucas Charles