Pipelines marked as success via Commits API despite invalid YAML
Summary
If a pipeline is marked as failed due to invalid YAML, updating the build status of a commit with a state of success
marks the entire pipeline as "passed".
If the pipeline is failed due to a job actually failing, posting a build status to the commit with a state of success
does not overwrite the pipeline's overall status to "passed".
Many third party tools use this endpoint when kicking off external CI jobs triggered via webhooks. Due to this, a pipeline with invalid YAML can appear to be in a successful "passed" state.
Steps to reproduce
- Create a pipeline with invalid YAML, eg:
job:
script
exit 1
-
Commit the changes, let the pipeline be marked as invalid/failed.
-
Submit a POST request referencing that commit, and set the state as
success
.curl -X POST --header "Private-Token: ****" "https://gitlab.com/api/v4/projects/<project_id>/statuses/<commit_sha>?state=success"
Example Project
https://gitlab.com/calebw/bad_pipeline
The initial pipeline in this project shows the correct state a pipeline should be in (failed) when the YAML is invalid. The second pipeline was marked as passed via the Commits API.
What is the current bug behavior?
Failed pipelines can be marked as passed when updating the build status of a commit via the Commits API.
What is the expected correct behavior?
The build status is updated, but the pipeline remains in a failed state due to the invalid YAML.
The correct behavior can be seen when updating the build status via the Commits API for a pipeline that failed due to job failure. For example, if you create an intentionally failed pipeline by using a job like so
job
script:
- exit 1
And then use the Commits API to update the build status as "success", the pipeline is overall left in a failed state, but the additional successful build status is added. We should use this same behavior for pipelines that fail due to invalid YAML.
Relevant logs and/or screenshots
Output of checks
This bug happens on GitLab.com.