Raise warning when job:rules can trigger multiple pipelines (!38387) · Merge requests · GitLab.org / GitLab

The 17.0 major release is coming on May 16, 2024! This version brings many exciting improvements to GitLab, but also removes some deprecated features. We are introducing three breaking change windows during which we expect breaking changes to be deployed to GitLab.com. You can read more about it on our blogpost . The first breaking change window begins 2024-04-22 09:00UTC and ends 2024-04-24 22:00UTC.

Fabio Pitino requested to merge raise-warning-on-multiple-pipelines into master Jul 31, 2020

What does this MR do?

Related to #219431 (closed)

This MR raises a warning in either the CI Lint or during the pipeline creation when workflow:rules is not used AND last job:rules contains only when: key with a value that is not never.

The warning will contain the following text:

jobs:rspec may allow multiple pipelines to run for a single action due to rules:when clause with no workflow:rules - read more: https://docs.gitlab.com/ee/ci/yaml/README.html#rules-clauses

The link to the documentation (https://docs.gitlab.com/ee/ci/yaml/README.html#rules-clauses) is currently hard-coded until we do #221245

Let's see some examples:

Multiple job:rules but last one is when:always (or anything but when:never) --> raise warning

job:
  script: echo
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedules"'
      when: never
    - when: always  # This is guaranteed to cause duplicated pipelines when an MR is created (without properly configured workflow rules)

job:
  script: echo
  rules:
    - when: on_success  # This is guaranteed to cause duplicated pipelines when an MR is created (without properly configured workflow rules)

When last rule defines a clause (if, exists, changes) --> do not raise warning

job:
  script: echo
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedules"'
      when: always

When workflow:rules is defined --> do not raise warning

workflow:
  rules:
    - if: '$CI_COMMIT_BRANCH'

job:
  script: echo
  rules:
    - when: always

Screenshots

Note: The warnings are actually not yet displayed in the UI. This screenshot is to prove that the data about warnings is available for the UI to show. In a different MR we are going to display them in a warning box.

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
Tested in all supported browsers
Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

Label as security and @ mention @gitlab-com/gl-security/appsec
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
Security reports checked/validated by a reviewer from the AppSec team

Edited Jul 31, 2020 by Fabio Pitino

Admin message

Raise warning when job:rules can trigger multiple pipelines