Raise warning when job:rules can trigger multiple pipelines
What does this MR do?
Related to #219431 (closed)
This MR raises a warning in either the CI Lint or during the pipeline creation when workflow:rules
is not used AND last job:rules
contains only when:
key with a value that is not never
.
The warning will contain the following text:
jobs:rspec may allow multiple pipelines to run for a single action due to rules:when
clause with no workflow:rules
- read more: https://docs.gitlab.com/ee/ci/yaml/README.html#rules-clauses
The link to the documentation (https://docs.gitlab.com/ee/ci/yaml/README.html#rules-clauses) is currently hard-coded until we do #221245
Let's see some examples:
- Multiple
job:rules
but last one iswhen:always
(or anything butwhen:never
) --> raise warning
job:
script: echo
rules:
- if: '$CI_PIPELINE_SOURCE == "schedules"'
when: never
- when: always # This is guaranteed to cause duplicated pipelines when an MR is created (without properly configured workflow rules)
job:
script: echo
rules:
- when: on_success # This is guaranteed to cause duplicated pipelines when an MR is created (without properly configured workflow rules)
- When last rule defines a clause (
if
,exists
,changes
) --> do not raise warning
job:
script: echo
rules:
- if: '$CI_PIPELINE_SOURCE == "schedules"'
when: always
- When
workflow:rules
is defined --> do not raise warning
workflow:
rules:
- if: '$CI_COMMIT_BRANCH'
job:
script: echo
rules:
- when: always
Screenshots
Note: The warnings are actually not yet displayed in the UI. This screenshot is to prove that the data about warnings is available for the UI to show. In a different MR we are going to display them in a warning box.
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team