Backend: Compliance framework pipelines can not include project prefill variables
Summary
According to the documentation, when you add
include: # Execute individual project's configuration (if project contains .gitlab-ci.yml)
project: '$CI_PROJECT_PATH'
file: '$CI_CONFIG_PATH'
ref: '$CI_COMMIT_REF_NAME' # Must be defined or MR pipelines always use the use default branch
into the compliance framework pipeline, you include the project configuration.
However, it does not work with the prefill-variables feature.
Steps to reproduce
- Create a group with the "premium" feature (
my-group
). - Create
my-group/project-1
. - Create
my-group/project-2
. - In
my-group/project-1
, add this example.gitlab-ci.yml
;
include:
project: '$CI_PROJECT_PATH'
file: '$CI_CONFIG_PATH'
ref: '$CI_COMMIT_REF_NAME'
test1:
script: exit 0
- In
my-group/project-2
, add this example.gitlab-ci.yml
;
variables:
VARY:
description: this is var Y
test2:
script: exit 0
-
In
my-group
, add a new compliance framework with themy-group/project-1
config; -
Go to the "Run pipeline" on
my-group/project-2
; -
Result
What is the current bug behavior?
Prefill variables are not visible on the "Run pipeline" on my-group/project-2
.
What is the expected correct behavior?
Prefill variables should be visible on the "Run pipeline" on my-group/project-2
.
Technical explanation
The problem here is the CI_COMMIT_REF_NAME
variable. We do not define this variable when fetching prefill variables.
Possible fixes
We can persist the CI_COMMIT_REF_NAME
variable when fetching prefill variables.
Workaround
Instead of using CI_COMMIT_REF_NAME
, we can use CI_COMMIT_SHA
to solve the problem. Besides, we need to add an if
condition to the include
:
include:
- project: '$CI_PROJECT_PATH'
file: '$CI_CONFIG_PATH'
ref: '$CI_COMMIT_SHA'
rules:
- if: $CI_PROJECT_PATH != "my-group/project-1" # this is the project that hosts the configuration to avoid circular includes