Using protected variables in include.ref results in false-positive error message when validating a CI file

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Close this issue

Summary

Using protected variables in include.ref results in false-positive error message when validating a CI file.

Steps to reproduce

Create 2 empty projects
In project 1, define a variable REF_NAME via CI/CD variables and make sure that it is marked as protected (it is marked by default).
In project 2, create file included-file.yml:

test-job:
    script:
        - echo "This job comes from the include file"

In project 1, create .gitlab-ci.yml:

include:
  - project: name/ref-var-include-test02
    file: included-file.yml
    ref: $REF_NAME

Example Project

https://gitlab.com/atanayno/ref-var-include-issue425799

What is the current bug behavior?

When validating a CI file in project 1, you will see the error This GitLab CI configuration is invalid: Project name/ref-var-include-test02 reference `` does not exist!. Learn more. However, the pipeline will be executed!

What is the expected correct behavior?

There should be no error when validating a CI file.

Relevant logs and/or screenshots

Output of checks

This bug happens on GitLab.com

Workaround

Add rule and any other job to the file (otherwise it will fail with This GitLab CI configuration is invalid: jobs config should contain at least one visible job. Learn more):

include:
  - project: name/ref-var-include-test02
    file: included-file.yml
    ref: $REF_NAME
    rules:
      - if: $REF_NAME
...      
test-job:
 script:
   - echo "hello, this is a test job"

Possible fixes

See related details in #339325 (comment 1566606296)

Edited Aug 27, 2025 by 🤖 GitLab Bot 🤖