Gitlab::Ci::MaskSecret `mask!` expects string for `gsub!`, gets array instead
Summary
In certain circumstances during pipeline creation, when masked variables are being processed, the `Gitlab::Ci::MaskSecret` `mask!` method expects to call `gsub!` on a string, when it can sometimes be an array. Because this is not handled, a 500 error is returned. In this case, the user sees their pipeline does not start. The job stays stuck in `Created` state:
This job has not been triggered yet
This job depends on upstream jobs that need to succeed in order for this job to be triggered
I was able to reproduce the behaviour on SaaS (i.e. the job does not start, stays in `Created` state) by reproducing the customer's project hierarchy and general CI/CD yaml structure. When I added a masked variable to the top-level group that was not protected, the behaviour was reproduced. However, I was not able to see the same error the customer received:
json.exception.message: undefined method `gsub!' for #<Array:0x00007fa0282b4ec0>
I was not able to reproduce this behaviour without emulating the basic structure of the customer's yaml files, with multiple includes at several levels.
Steps to reproduce
Reproduce:
- Define a CI config with a project/file include. Define the project as an array:

  ```yaml
  include:
    - project: ["furkanayhan/many-includes"]
      file: a.yml
      ref: master

  test:
    script: echo hello
  ```

- Have a masked variable with the included project name
Implementation Table
Group | Issue Link |
---|---|
backend | |
backend | Backend: Measure users that are using an array ... (#365975) |
Example Project
Approximation of the customer's yaml structure, where behaviour was reproduced. Please see as documented in the GitLab ticket (internal).
What is the current bug behavior?
Pipeline job for first stage does not start, remains at `Created` stage.
What is the expected correct behavior?
Pipeline job would start.
Possible fixes
We should not allow defining `project` as an array.
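
The failure and the proposed fix, as an added example that is not GitLab's code: `mask!` here is a simplified stand-in with the in-place `gsub!` shape the summary describes, and `include_entries`, `include_errors` and `mask_first_project` are hypothetical helpers. It runs the config from the reproduction steps against a string-valued variant, both constructed inline.

```ruby
require 'yaml'

# Simplified stand-in for an in-place masking helper (assumption: this is
# NOT GitLab's source, only the gsub!-on-value shape the issue describes).
def mask!(value, token)
  return value if value.nil? || token.nil? || token.empty?

  value.gsub!(token, 'x' * token.bytesize) # Array has no gsub!
  value
end

# `include:` may be one entry or a list; normalise to a list of entries.
def include_entries(config)
  raw = config['include']
  return [] if raw.nil?

  raw.is_a?(Array) ? raw : [raw]
end

# Hypothetical validator for the proposed fix: `project` must be a String.
def include_errors(config_yaml)
  config = YAML.safe_load(config_yaml) || {}
  include_entries(config).each_with_index.filter_map do |entry, i|
    next unless entry.is_a?(Hash) && entry.key?('project')

    project = entry['project']
    "include[#{i}].project must be a string, got #{project.class}" unless project.is_a?(String)
  end
end

# Masks the first include's project value; returns the masked value, or the
# NoMethodError raised when that value is not a String.
def mask_first_project(config_yaml, secret)
  entry = include_entries(YAML.safe_load(config_yaml)).first
  mask!(entry['project'], secret)
rescue NoMethodError => e
  e
end

# Constructed inputs: the config from the steps above and a string variant.
ARRAY_CONFIG = <<~YAML
  include:
    - project: ["furkanayhan/many-includes"]
      file: a.yml
      ref: master
  test:
    script: echo hello
YAML
STRING_CONFIG = ARRAY_CONFIG.sub('["furkanayhan/many-includes"]', 'furkanayhan/many-includes')
SECRET = 'furkanayhan/many-includes' # masked variable value equal to the project name
```

Rejecting the array at config-validation time turns the unhandled 500 into an error message the pipeline author can act on, and the masking path only ever receives strings.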