Three edge cases of jobs being added to pipelines incorrectly
Issue
While looking at this pipeline, I found two edge cases for pipeline misconfiguration: https://gitlab.com/gitlab-org/gitlab/-/pipelines/635858009
- The 4 dependency scanner jobs added in !86791 (diffs)

  These jobs are set with a simple `if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'`, but if a contributor works from their fork's default branch, like in this contributor's MR, these jobs will be added to pipelines for their MRs (when triggered by a maintainer before merge). This is tricky to handle, and I'm not sure what to suggest.

- The `build-components` job. I noticed this before, but forgot to raise an issue. This seems to be added to all docs pipelines as a manual job. For example: https://gitlab.com/gitlab-org/gitlab/-/pipelines/635880894

  It's being added as a manual job, so the key config is:

  ```yaml
  .if-dot-com-gitlab-org-merge-request: &if-dot-com-gitlab-org-merge-request
    if: '$CI_SERVER_HOST == "gitlab.com" && $CI_PROJECT_NAMESPACE == "gitlab-org" && $CI_MERGE_REQUEST_IID'

  .rails:rules:build-components:
    rules:
      - <<: *if-dot-com-ee-schedule
      - <<: *if-dot-com-gitlab-org-default-branch
        changes:
          - "workhorse/**/*"
      - <<: *if-dot-com-gitlab-org-merge-request
        when: manual
        allow_failure: true
  ```

  Those three checks all validate to `true` in docs pipelines, so it seems like we need to add a `changes` line there, to add it to appropriate code MRs only?

- `review-cleanup`: There is no code review app, so this should not be present.

  This job uses these rules:

  ```yaml
  review-cleanup:
    extends:
      - .review:rules:review-cleanup

  .review:rules:review-cleanup:
    rules:
      - <<: *if-not-ee
        when: never
      - <<: *if-dot-com-gitlab-org-merge-request
        when: manual
        allow_failure: true
      - <<: *if-dot-com-gitlab-org-schedule
        allow_failure: true
  ```

  But, `start-review-app-pipeline:` uses different rules. Shouldn't cleanup be using identical rules as this? Otherwise we could have a cleanup job without a review app to clean up?

  ```yaml
  start-review-app-pipeline:
    extends:
      - .review:rules:start-review-app-pipeline

  .review:rules:start-review-app-pipeline:
    rules:
      - <<: *if-not-ee
        when: never
      - <<: *if-merge-request-labels-pipeline-revert
        when: never
      - <<: *if-merge-request-labels-run-review-app
      - <<: *if-dot-com-gitlab-org-merge-request
        changes: *ci-review-patterns
      - <<: *if-dot-com-gitlab-org-merge-request
        changes: *frontend-build-patterns
      - <<: *if-dot-com-gitlab-org-merge-request
        changes: *controllers-patterns
      - <<: *if-dot-com-gitlab-org-merge-request
        changes: *models-patterns
      - <<: *if-dot-com-gitlab-org-merge-request
        changes: *lib-gitlab-patterns
      - <<: *if-dot-com-gitlab-org-merge-request
        changes: *qa-patterns
      - <<: *if-dot-com-gitlab-org-merge-request
        changes: *code-patterns
        when: manual
        allow_failure: true
      - <<: *if-dot-com-gitlab-org-schedule
        allow_failure: true
        variables:
          KNAPSACK_GENERATE_REPORT: "true"
  ```
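
The three cases above can be reproduced with a small model of `rules:` evaluation. This is an added example, not part of the original issue or GitLab's own code. Assumptions: the job name `dependency-scanner`, the `CODE_GLOBS` stand-in for the `*-patterns` anchors, the default branch name `master`, and the sample pipelines are all constructed for illustration.

```python
# Added illustration: simplified model of GitLab CI `rules:` (first match wins).
# Not modelled: schedules, the EE check, label rules, GitLab's real glob semantics.
from fnmatch import fnmatch

def job_when(rules, variables, changed_files):
    """Return `when` of the first matching rule, or None if the job is not added."""
    for rule in rules:
        if not rule["if"](variables):
            continue
        globs = rule.get("changes")
        if globs and not any(fnmatch(f, g) for f in changed_files for g in globs):
            continue
        when = rule.get("when", "on_success")
        return None if when == "never" else when
    return None

def is_org_mr(v):  # mirrors if-dot-com-gitlab-org-merge-request
    return (v.get("CI_SERVER_HOST") == "gitlab.com"
            and v.get("CI_PROJECT_NAMESPACE") == "gitlab-org"
            and bool(v.get("CI_MERGE_REQUEST_IID")))

def is_default_branch_name(v):  # mirrors $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
    return v.get("CI_COMMIT_REF_NAME") == v.get("CI_DEFAULT_BRANCH")

CODE_GLOBS = ["app/*", "lib/*"]  # constructed stand-in for the *-patterns anchors

JOBS = {  # merge-request and branch rules only
    "dependency-scanner": [{"if": is_default_branch_name}],  # hypothetical job name
    "build-components": [{"if": is_org_mr, "when": "manual"}],
    "review-cleanup": [{"if": is_org_mr, "when": "manual"}],
    "start-review-app-pipeline": [{"if": is_org_mr, "changes": CODE_GLOBS}],
}

def jobs_added(variables, changed_files):
    return sorted(n for n, r in JOBS.items() if job_when(r, variables, changed_files))

# Constructed pipelines: a docs-only MR, the same MR from a fork's default branch,
# and a code MR.
BASE = {"CI_SERVER_HOST": "gitlab.com", "CI_PROJECT_NAMESPACE": "gitlab-org",
        "CI_MERGE_REQUEST_IID": "1", "CI_DEFAULT_BRANCH": "master"}
DOCS_MR = ({**BASE, "CI_COMMIT_REF_NAME": "docs-fix"}, ["doc/ci/index.md"])
FORK_MR = ({**BASE, "CI_COMMIT_REF_NAME": "master"}, ["doc/ci/index.md"])
CODE_MR = ({**BASE, "CI_COMMIT_REF_NAME": "fix-model"}, ["app/models/user.rb"])

if __name__ == "__main__":
    for label, mr in [("docs MR", DOCS_MR), ("fork MR", FORK_MR), ("code MR", CODE_MR)]:
        print(label, jobs_added(*mr))
```

In this model the docs-only MR gets `build-components` and `review-cleanup` but no `start-review-app-pipeline`, and the MR whose source branch shares the default branch's name additionally gets the dependency scanner job.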