Backend: Predefined variable CI_COMMIT_REF_PROTECTED wrong value for merge request
Summary
I would like to disable merge request pipeline when merge from protected branches e.g. from develop branch to staging branch. I use feature flag strategy so do not need this.
The problem is that CI_COMMIT_REF_PROTECTED
has the wrong value (false).
Steps to reproduce
- Create new repo
- Add two branches e.g. main, staging
- Mark both branches as protected
- Add simple
.gitlab-ci.yml
like:
repro:
script:
- env | grep 'CI_COMMIT_REF_PROTECTED\|CI_COMMIT_REF_NAME\|CI_MERGE_REQUEST_TARGET_BRANCH_PROTECTED\|CI_MERGE_REQUEST_TARGET_BRANCH_NAME'
rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
- if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
- Create merge request staging -> main
- Check logs for merge request pipeline:
CI_COMMIT_REF_PROTECTED
will be false
Reproduced on GitLab.com: https://gitlab.com/gl-demo-ultimate-mgrabowski/mg-gold/zd-373435 See Add README.md (gl-demo-ultimate-mgrabowski/mg-gold/zd-373435!4) and compare output of branch pipeline vs. merge request pipeline.
User Impact
Users wishing to use CI_COMMIT_REF_PROTECTED
are unable to as it returns the wrong value.
Proposal
- Modify
pipeline#protected_ref?
to render the correct value
def protected_ref?
- strong_memoize(:protected_ref) { project.protected_for?(git_ref) }
+ strong_memoize(:protected_ref) { project.protected_for?(source_ref_path) }
end
Edited by Max Orefice