Do not run notify-package-and-test-failure on security
What does this MR do and why?
In !112367 (merged), we added a new CI job so when a e2e:package-and-test-ee job fails on a stable branch, a discussion is opened pinging the MR author. The intent was for that job to only run on canonical (https://gitlab.com/gitlab-org/gitlab), but we saw that it continued to run on the security project as well (example).
It turns out the if-not-canonical-namespace CI rule was not doing what I originally thought. It is meant to match forks, so the rule that already exists:
- <<: *if-not-canonical-namespace
when: neverprevents this job from running on forks, but it will still run on a project like gitlab-org/security/gitlab.
Since security MRs are the only time we have MRs targeting stable branches that we want to avoid running this job, I've added an additional rule to prevent it from running on those MRs.
Screenshots or screen recordings
To prove the functionality, I opened two MRs with this change: one targeting a stable branch on the security project, and one targeting a stable branch on canonical.
| Description | Screenshot |
|---|---|
We see on the security MR, the notify stage of the pipeline is not included at all, qa is the last stage: https://gitlab.com/gitlab-org/security/gitlab/-/pipelines/876654408
|
 |
We see on the canonical MR, the notify stage of the pipeline is included and the notify-package-and-test-failure is present: https://gitlab.com/gitlab-org/gitlab/-/pipelines/876656237
|
 |
How to set up and validate locally
See above section
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to gitlab-com/gl-infra/delivery#4420 (closed)