Pipeline status shows success without considering warnings
Problem
When a pipeline uses a bridge job with allow_failure: true
and the downstream pipeline fails, the upstream bridge job shows as failed. However, the related stage and pipeline show as success
. This confuses users making them think that there is something wrong with the pipeline processing.
Steps to reproduce
build:
stage: build
script: echo
test:
stage: test
script: echo
trigger:
stage: test
trigger:
include: child.yml
strategy: depend
allow_failure: true
# in child.yml
build:
script: exit 1
This configuration should cause a pipeline and Test stage to have success
status
Expected behavior
The pipeline and stage should show success with warnings
status because the bridge job fails with allow_failure: true
.
Solution
From #292211 (comment 462212352):
The problem with the stage is located here, where we use Ci::Build
to look for jobs with warnings. This would not consider Ci::Bridge
jobs which is the case of trigger:
. We should replace Ci::Build
with CommitStatus
as we do for LegacyStage.
Same problem with pipelines: https://gitlab.com/gitlab-org/gitlab/-/blob/b08717a8dc941140c0e1ffc5a9776fe35ff97101/app/models/ci/pipeline.rb#L660 (we use Ci::Build
instead of CommitStatus
which is more generic).
Original description for reference
Summary
In a parent-child pipeline setup where the trigger strategy is set to depend
, the parent pipeline succeeds even though some of its child pipelines fail. The child pipelines belong to external projects.
Steps to reproduce
Based on the Example project where this occurred, it should be possible to reproduce the bug by doing the following:
- create a project with a parent pipeline that triggers child pipelines in external projects
- set the
trigger:strategy
todepend
- ensure the child pipeline fails
- trigger the parent pipeline
Example Project
https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven/-/pipelines/226618612
See CI template, job template, and job definition.
What is the current bug behavior?
parent pipeline succeeds
What is the expected correct behavior?
parent pipeline fails
Relevant logs and/or screenshots
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)
Possible fixes
/cc @fabiopitino /cc @gitlab-org/secure/composition-analysis-be