Make sure untamper doesn't trigger double pipelines
While looking at the pipelines on the docs project, I noticed some mysterious extra pipelines. It seems that some extra pipelines are being triggered for branches, even though we're using merge request pipelines.
It seems that the template imported into the docs project is causing this, because of the the changes
rule:
It's not combined with an if:
so it's actually running on scheduled pipelines too (https://gitlab.com/gitlab-org/gitlab-docs/-/pipelines/251793113) because changes:
always resolves to true in everything except branch/MR pipelines: https://docs.gitlab.com/ee/ci/yaml/README.html#ruleschanges
It needs to only run in branch/MR pipelines. At the same time, it should only run in one pipeline, or the other, but not both branch and MR pipelines.
The three rules being added work this way:
- If it's a merge request pipeline AND yarn.lock changed, add it to the pipeline.
- If it's a branch pipeline, but there's an open MR for the branch, don't add it to the pipeline (CI_OPEN_MERGE_REQUESTS is a recently added predefined variable).
- If it's a branch pipeline (and there's no open MR, because that was checked in the rule above), then it's OK to add it to the pipeline.
- if: $CI_MERGE_REQUEST_IID
changes:
- yarn.lock
- if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
when: never
- if: $CI_COMMIT_BRANCH
changes:
- yarn.lock
Since these rules are strict, the job won't be added to any other pipelines (schedules, tags, etc). At the same time, it should work for all projects, regardless of their style. If they use branch pipelines only, it'll work. If they use MR pipelines only, it should still work!