
Do not run notify-package-and-test-failure on security

Steve Abrams requested to merge delivery4420-fix-package-test-security into master

What does this MR do and why?

In !112367 (merged), we added a new CI job so when an e2e:package-and-test-ee job fails on a stable branch, a discussion is opened pinging the MR author. The intent was for that job to only run on canonical (https://gitlab.com/gitlab-org/gitlab), but we saw that it continued to run on the security project as well (example).

It turns out the if-not-canonical-namespace CI rule was not doing what I originally thought. It is meant to match forks, so the rule that already exists:

    - <<: *if-not-canonical-namespace
      when: never

prevents this job from running on forks, but it will still run on a project like gitlab-org/security/gitlab.

Since security MRs are the only time we have MRs targeting stable branches that we want to avoid running this job, I've added an additional rule to prevent it from running on those MRs.

Screenshots or screen recordings

To prove the functionality, I opened two MRs with this change: one targeting a stable branch on the security project, and one targeting a stable branch on canonical.

| Description | Screenshot |
| --- | --- |
| We see on the security MR, the notify stage of the pipeline is not included at all, qa is the last stage: https://gitlab.com/gitlab-org/security/gitlab/-/pipelines/876654408 | Screenshot_2023-05-23_at_4.09.25_PM |
| We see on the canonical MR, the notify stage of the pipeline is included and the notify-package-and-test-failure is present: https://gitlab.com/gitlab-org/gitlab/-/pipelines/876656237 | Screenshot_2023-05-23_at_4.09.02_PM |

How to set up and validate locally

See above section

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to gitlab-com/gl-infra/delivery#4420 (closed)

Edited by Steve Abrams
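
The rule ordering described in this MR, modelled as an added example that is not part of the merge request or the GitLab code base: `rules` are evaluated top to bottom and the first match decides, so a namespace check that treats everything under `gitlab-org` as canonical never fires for `gitlab-org/security`. The namespace pattern, the form of the extra security rule, the stable-branch pattern and the sample pipelines are assumptions made for illustration.

```python
import re

# Assumed pattern: the gitlab-org group and any subgroup count as canonical.
# The page does not show the real definition of if-not-canonical-namespace.
CANONICAL_NAMESPACE = re.compile(r"^gitlab-org($|/)")
# Assumed shape of stable branch names, e.g. 16-0-stable-ee.
STABLE_BRANCH = re.compile(r"^\d+-\d+-stable(-ee)?$")

def not_canonical_namespace(ctx):
    return not CANONICAL_NAMESPACE.search(ctx["namespace"])

def security_project(ctx):
    # Hypothetical form of the additional rule the MR describes.
    return ctx["namespace"] == "gitlab-org/security"

def targets_stable_branch(ctx):
    return bool(STABLE_BRANCH.search(ctx["target_branch"]))

# "run" stands in for whatever `when:` value the real job uses.
RULES_BEFORE = [
    (not_canonical_namespace, "never"),
    (targets_stable_branch, "run"),
]
RULES_AFTER = [
    (not_canonical_namespace, "never"),
    (security_project, "never"),
    (targets_stable_branch, "run"),
]

# Constructed sample pipelines, not taken from the page.
SAMPLE = {
    "canonical": {"namespace": "gitlab-org", "target_branch": "16-0-stable-ee"},
    "security": {"namespace": "gitlab-org/security", "target_branch": "16-0-stable-ee"},
    "fork": {"namespace": "some-user", "target_branch": "16-0-stable-ee"},
    "canonical-master": {"namespace": "gitlab-org", "target_branch": "master"},
}

def job_included(rules, ctx):
    """First matching rule decides; a job with no matching rule is left out."""
    for condition, when in rules:
        if condition(ctx):
            return when != "never"
    return False

def evaluate(rules):
    return {name: job_included(rules, ctx) for name, ctx in SAMPLE.items()}

if __name__ == "__main__":
    print("before:", evaluate(RULES_BEFORE))
    print("after: ", evaluate(RULES_AFTER))
```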
