`pipeline_variables_minimum_override_role` should not break the Trigger Pipeline API with CI_JOB_TOKEN

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Work on this issue

Problem to solve

This is a specific version of `pipeline_variables_minimum_override_role` shou... (#557381 - closed)

As outlined in Configure CI/CD jobs to run in triggered pipelines, when using the $CI_JOB_TOKEN with the trigger pipeline API, the pipeline source is pipeline instead of trigger. In the solution for the issue above we only added an exception for trigger.

Proposal

Expand the exception to also apply to pipeline. Because we don't allow any variables via the exception (but only the TRIGGER_PAYLOAD variable specifically), this does not interfere with the intended functionality of blocking pipeline variables.

Relevant code: https://gitlab.com/gitlab-org/gitlab/blob/34c3a6b23593a5524a52af416704fc24c29f671a/lib/gitlab/ci/pipeline/chain/build/associations.rb#L73

Edited Feb 24, 2026 by 🤖 GitLab Bot 🤖

pipeline_variables_minimum_override_role should not break the Trigger Pipeline API with CI_JOB_TOKEN

Problem to solve

Proposal

`pipeline_variables_minimum_override_role` should not break the Trigger Pipeline API with CI_JOB_TOKEN