From 98bd5aaa7e09657b74b976afeedeb14ac9b9d2d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Alexandre=20Cunha?=
Date: Fri, 4 Aug 2023 20:48:11 +0000
Subject: [PATCH 1/2] Fix dev pipeline

The MR that include the new Danger job didn't account for the pipelines that runs on dev, which can't include the upstream template if not from a remote source. Also the dev pipeline does not have a token set for the Danger job, so the job needs to be skipped anyway.
---
 .gitlab-ci.yml | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a914329b23..2360062870 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -77,11 +77,7 @@ include:
 - template: Jobs/Secret-Detection.latest.gitlab-ci.yml
 - template: Jobs/SAST.latest.gitlab-ci.yml
 - template: Jobs/SAST-IaC.latest.gitlab-ci.yml
- - project: 'gitlab-org/quality/pipeline-common'
- file:
- - '/ci/danger-review.yml'
- rules:
- - if: $CI_SERVER_HOST == "gitlab.com"
+ - remote: 'https://gitlab.com/gitlab-org/quality/pipeline-common/-/raw/6.4.0/ci/danger-review.yml'
 
 dependency_scanning:
 needs: []
@@ -465,6 +461,8 @@ debug_review_gke122:
 - if: '$PIPELINE_TYPE =~ /FEATURE_BRANCH_PIPELINE$/'
 
 danger-review:
+ rules:
+ - if: $CI_SERVER_HOST == "gitlab.com"
 before_script:
 - bundle add gitlab-dangerfiles
 
-- 
GitLab

From b361a066cb63b79b30b4d132266a0715ba279e6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Alexandre=20Cunha?=
Date: Fri, 4 Aug 2023 21:47:28 +0000
Subject: [PATCH 2/2] Define danger-review job before its include

This is necessary because we need to be able to define a "no-op" script in the job, so that it does not fail parsing on dev.gitlab.org. Additionally, we want to override this script by including /ci/danger-review.yml. So, including needs to come second, accordingly to our yaml config merge rules.
---
 .gitlab-ci.yml | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
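Review bot: The added `remote:` include in the first hunk of patch 1/2 pins pipeline-common only by the tag `6.4.0` in the raw URL, and a tag can be moved upstream, so the job definition fetched over HTTPS can change without any commit in this repository. That file becomes part of this project's pipeline configuration, so an immutable reference is safer, e.g. `- remote: 'https://gitlab.com/gitlab-org/quality/pipeline-common/-/raw/<full commit SHA of the 6.4.0 release>/ci/danger-review.yml'`. Dropping the include-level `rules:` also means every instance, dev included, now fetches and merges the file; the job-level rule added in the second hunk only skips the job. On GitLab versions that support it, an `integrity:` hash on the remote include adds a content check on top of the pin.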
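Review bot: The `rules:` added under `danger-review:` in the second hunk of patch 1/2 replaces, rather than extends, any `rules:` the included danger-review.yml sets for the job, because a key defined in `.gitlab-ci.yml` overrides the same key coming from an include. If the upstream job was limited to merge request pipelines (not visible here), that limit is lost and the job becomes eligible in every pipeline on gitlab.com. Consider restating the condition, e.g. `- if: $CI_SERVER_HOST == "gitlab.com" && $CI_MERGE_REQUEST_IID`, and recording the reason in a comment such as `# Skipped on dev: no Danger token is configured there`. The job body continues outside the hunk.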
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2360062870..2f773775e9 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -71,13 +71,27 @@ stages:
 - cleanup
 - report
 
+# This job MUST be defined before including /ci/danger-review.yml below
+# because we MUST override the `script` key in the correct order
+danger-review:
+ # This script only exists so that this yaml file is correctly parsed on dev.gitlab.org
+ # where /ci/danger-review.yml won't be included. In gitlab.com this will be included
+ # and the script will be overridden.
+ script: echo "no-op"
+ rules:
+ - if: $CI_SERVER_HOST == "gitlab.com"
+
 include:
 - local: '/.gitlab/ci/rules.gitlab-ci.yml'
 - template: Jobs/Dependency-Scanning.latest.gitlab-ci.yml
 - template: Jobs/Secret-Detection.latest.gitlab-ci.yml
 - template: Jobs/SAST.latest.gitlab-ci.yml
 - template: Jobs/SAST-IaC.latest.gitlab-ci.yml
- - remote: 'https://gitlab.com/gitlab-org/quality/pipeline-common/-/raw/6.4.0/ci/danger-review.yml'
+ - project: 'gitlab-org/quality/pipeline-common'
+ file:
+ - '/ci/danger-review.yml'
+ rules:
+ - if: $CI_SERVER_HOST == "gitlab.com"
 
 dependency_scanning:
 needs: []
-- 
GitLab
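Review bot: The comment on the new `danger-review:` stub assumes the later `include:` overrides `script: echo "no-op"`, but GitLab documents that included files are evaluated first and the including file's keys win wherever `include` sits, so on gitlab.com the stub script may be what runs and the Danger check would pass without reviewing anything. The `danger-review:` mapping that patch 1/2 edits further down also appears to still exist, which would leave two top-level keys of the same name; which one survives then depends on the YAML parser. Checking the merged configuration on gitlab.com before relying on this ordering would settle both questions. Separately, the restored `project:` include has no `ref:`, so it follows the default branch of pipeline-common; adding `ref: '6.4.0'` (or a full commit SHA) under `project:` would keep the pin that patch 1/2 introduced.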