DAST template job overrides pipeline stages
Summary
The CI template for DAST specifies pipeline stages, potentially overriding stages set elsewhere.
Steps to reproduce
I have a project at enverus/global/pipelines
with a CI/CD configuration file named global.yml
that includes pipeline stages.
In a project, if I include global.yml
and then include the Security/DAST.gitlab-ci.yml
template, the template overrides my pipeline stages.
Example Project
N/A
What is the current bug behavior?
The Security/DAST.gitlab-ci.yml template specifies a list of stages (lines 7 to 11).
stages:
- build
- test
- deploy
- dast
Depending on include order, this can override pipeline stages declared elsewhere.
What is the expected correct behavior?
The Security/DAST.gitlab-ci.yml
template shouldn't be specifying any pipeline stages.
Relevant logs and/or screenshots
global.yml (excerpt):
stages:
- Check
- Build
- Package
- Static Tests
- Review
- Stage
- Dynamic Tests
- Release
- Post-Release
- Evaluate
- Cleanup
Project .gitlab-ci.yml:
Note that job_a
specifies the stage Static Tests
declared in global.yml
.
include:
- project: enverus/global/pipelines
ref: latest
file: global.yml
- template: Security/DAST.gitlab-ci.yml
job_a:
stage: Static Tests
script:
- echo "Hello, world!"
Error from CI Lint:
The Security/DAST.gitlab-ci.yml
template has replaced the stages with build
, test
, deploy
, and dast
.
Status: syntax is incorrect
job_a job: chosen stage does not exist; available stages are .pre, build, test, deploy, dast, .post
Output of checks
This bug happens on GitLab.com.
Technical details
- Update DAST template to use latest and stable versions
- Delete the stages list on DAST.gitlab-ci.yml#L7-11 in the
latest
version