Instance required pipeline configuration jobs are duplicated when scan execution policies are configured
Summary
When a GitLab instance has a required pipeline configuration configured and a project has a scan execution policy in effect with at least one action, the resulting pipeline duplicates the required pipeline configuration jobs.
Steps to reproduce
- Create a templates project repository and create a file
gitlab-ci/.gitlab-ci-required.yml
file with one job defined (see yaml below). - As an administrator, configure a template repository for the instance using the project repository from step 1
- As an administrator, configure a required pipeline configuration for the instance, specifying the configuration file created in step 1
- As a group owner, configure a security scan execution policy (see policy example below)
- Create a new project and configure a pipeline with any job.
- Observe that the pipeline unexpectedly contains multiple instances of the job from the instance required pipeline configuration
For example, a gitlab-ci/.gitlab-ci-required.yml
file like so:
my-instance-required-job:
script:
- echo "this job is required"
And a scan policy as so:
---
scan_execution_policy:
- name: dependency scan
description: ''
enabled: true
rules:
- type: pipeline
branches:
- "*"
actions:
- scan: dependency_scanning
What is the current bug behavior?
If a pipeline is run with a single job (projectjob
) configured, the resulting pipeline contains three jobs:
- projectjob (expected)
- my-instance-required-job (expected)
- my-instance-required-job-0 (unexpected)
What is the expected correct behavior?
The expected result is that there is only one instance of the my-instance-required-job
job from the instance required pipeline configuration and my-instance-required-job-0
is not present.
Relevant logs and/or screenshots
Tested on GitLab 16.7.4 (docker, omnibus)