on_success for jobs in protected environments is ignored - gitlab

prod is configured as a protected environment. After approval of deploy job I would like to run tests automatically to verify successful deployment.
deploy:
stage: deploy
script:
- echo "deploy"
environment:
name: prod
action: start
test:
stage: test
script:
- echo "test"
environment:
name: prod
action: verify
when: on_success
The .gitlab.ci template above will generate the following pipeline:
After approving the deployment to prod the test job still require a manual action. Why is that? How do you run automated tests using environment and action: verify?
Removing the environment section from the test job gives the desired funcitonality, but this defeats the purpose of action: verify?
deploy:
stage: deploy
script:
- echo "deploy"
environment:
name: prod
action: start
test:
stage: test
script:
- echo "test"
when: on_success

Related

Gitlab-ci lost environment variables

I'm developing a pipeline on GitLab-ci, in the first job I use gittools/gitversion the obtain the semantic version of my software.
Here a small piece of code of /gitversion-ci-cd-plugin-extension.gitlab-ci.yml (Full documentation here https://gitversion.net/docs/reference/build-servers/gitlab)
.gitversion_function:
image:
name: gittools/gitversion
entrypoint: ['']
stage: .pre
.....
.....
artifacts:
reports:
#propagates variables into the pipeline level
dotenv: thisversion.env
Then a simplified version of my pipeline is as follows
stages:
- .pre
- install_dependencies
- build
- deploy
include:
- local: '/gitversion-ci-cd-plugin-extension.gitlab-ci.yml'
determineversion:
extends: .gitversion_function
install_dependencies:
image: node:16.14
stage: install_dependencies
script:
- echo ${PACKAGE_VERSION}
build:
image: node:16.14
stage: build
script:
- echo $PACKAGE_VERSION
deploy:
image: bitnami/kubectl
stage: deploy
needs: ['build']
script:
- echo $PACKAGE_VERSION
The problem is that the environment variable $PACKAGE_VERSION works in the first two jobs install_dependencies and build.
echo $PACKAGE_NAME; //0.0.1
But when the jobs deploy is executed the environment variable is not expanded by pipeline and I obtain literally this
echo $PACKAGE_NAME; //$PACKAGE_NAME
I found the problem.
In the last job of my pipeline, I use needs (https://docs.gitlab.com/ee/ci/yaml/#needs) to establish dependencies between jobs.
The problem is that artifact is not automatically passed because there is no a dependency between determineversion and deploy, to fix I do this:
...
deploy:
image: bitnami/kubectl
stage: deploy
needs: ['determineversion', 'build'] # <------
script:
- echo $PACKAGE_VERSION
...
I added determineversion as a dependency of deploy, in this way $PACKAGE_VERSION is printed correctly

gitlab CI/CD: How to trigger only a particular jobs

I am trying to trigger gitlab CI/CD pipeline of ProjectA from ProjectB
gitlab-ci.yml of projectB
stages:
- deploy
staging:
stage: deploy
trigger:
project: projectA
branch: main
And my gitlab-ci.yml of projectA is
image: docker:19.03.13
stages:
- build
- staging
fromprojectB: <--- when I trigger pipeline from B, I want only this job to run in build stage
stage: build
script:
..............
fromprojectC:
stage: build
fromprojectD:
stage: build
script:
.......
deploy-to-stage:
stage: staging
script:
............
I want only the fromprojectB job to run among the build stage jobs when the pipeline is triggers from projectB
How can I do this
You can pass environment variables from projectB and then use them in rules in projectA.
Example based on your input:
projectA:
stages:
- build
fromprojectB:
stage: build
rules:
- if: '$RUN_JOB_B'
when: always
- when: never
allow_failure: true
script:
- echo "Compiling the code from project B"
- echo "Compile complete."
fromprojectC:
stage: build
rules:
- if: '$RUN_JOB_C'
when: always
- when: never
allow_failure: true
script:
- echo "Compiling the code from project C"
- echo "Compile complete."
and projectB:
stages:
- build
build-job:
stage: build
variables:
RUN_JOB_B: "true"
trigger:
project: itersive/internal/rd/projecta
branch: main
Pipeline in projectB:
Pipeline in projectA:
In this setup you cannot run pipeline in projectA - all jobs require environment variables - see rules section.

How to use rule in gitlab-ci to run after specific manual job

I have the following stages:
- run
- notify
when run have 3 jobs: run-prod, run-stg, run-dev
which all of them are triggered only by manual action because they require env variables.
The problem is that i want to run notify step only if run actually runs (on not manual pipelines its not run) - how can i do it?
i tried with needs and only but its not working
notify jobs:
notify on run success:
stage: notify
extends: .dv.notify.slack_channel
variables:
SLACK_MESSAGE: "\"🟩 Recovery process which triggered by $GITLAB_USER_NAME finished successfully on context: $CONNECT_CONTEXT, connector: $CONNECT_NAME, connectors: $CONNECTORS_NAMES\""
SLACK_CHANNEL: C02AX03H04F #recovery
notify on run failure:
stage: notify
extends: .dv.notify.slack_channel
variables:
SLACK_MESSAGE: "\"🟥️ Recovery process which triggered by $GITLAB_USER_NAME failed on context: $CONNECT_CONTEXT, connector: $CONNECT_NAME, connectors: $CONNECTORS_NAMES\""
SLACK_CHANNEL: C02AX03H04F #recovery
run-stg:
run-stg:
extends: run
script: ...
rules:
- if: $CONNECT_CONTEXT =~ /^cs-*/
when: manual
Minimal example config that requires manual input of the CONNECT_CONTEXT variable:
stages:
- run
- notify
variables:
CONNECT_CONTEXT:
description: Your description for this variable.
run:
stage: run
rules:
- if: $CONNECT_CONTEXT =~ /^cs-*/
script:
- echo run $CONNECT_CONTEXT
notify:
stage: notify
rules:
- if: $CONNECT_CONTEXT =~ /^cs-*/
script:
- echo notify $CONNECT_CONTEXT

GitLab CI execute deploy stage after one of multiple build stages is done

I have four build stages, which are operated manually. What I'd like is to execute the deploy stage, after one build stage is finished. Right now my implementation only works when all four build stages are finished.
Use case: Dev klicks on the environment he wants to build. After build is done, it is deployed to the systems. Deploy should start automatically after build is finished
Q: Is there a way to execute the deploy stage after only one build is done?
My implementation of the build pipelines (simplified):
production:
stage: env
script:
- echo build one
when: manual
allow_failure: false
production2:
stage: env
script:
- echo build two
when: manual
allow_failure: false
staging:
stage: env
script:
- echo build three
when: manual
allow_failure: false
staging2:
stage: env
script:
- echo build four
when: manual
allow_failure: false
This is my deploy stage
build:
stage: build
needs: [production, production2, staging, staging2]
when: on_success
script:
- echo do deploy stuff
Many thanks and I wish you a nice day
Maybe something like this help?
build:
stage: build
needs:
- job: production
optional: true
- job: production2
optional: true
- job: staging
optional: true
- job: staging2
optional: true
when: on_success
script:
- echo do deploy stuff
So far I've only found a solution that works.
stages:
- env
- connections
- build
production:
stage: env
script:
- echo build one
when: manual
allow_failure: false
production2:
stage: env
script:
- echo build two
when: manual
allow_failure: false
staging:
stage: env
script:
- echo build three
when: manual
allow_failure: false
staging2:
stage: env
script:
- echo build four
when: manual
allow_failure: false
# Connections
run:build:production:
extends: .build
stage: connections
needs:
- job: production
run:build:production2:
extends: .build
stage: connections
needs:
- job: production2
run:build:staging:
extends: .build
stage: connections
needs:
- job: staging
run:build:staging2:
extends: .build
stage: connections
needs:
- job: staging2
.build:
stage: build
script:
- echo do deploy stuff

Build to multiple build servers on a single Gitlab merge request?

I need some direction here. I'm reading whatever documentation I can find online but it's not hitting the right synapses or I haven't found the right link yet. On a merge request to a deployable environment, I want to kick off a build on two separate machines. Both machines are IBM Is, running different versions of the OS. I'd like for these builds and subsequent deploys to happen independently of each other.
My .yml file has the entries for the build for the two machines (QQDEV & BNADEV), but the builds occur sequentially, not in parallel. The picture below is what Gitlab draws.
To me, from the above picture, it looks like both build_BNADEV and build_QQDEV are going to run the deploy jobs DEV_BNADEV and DEV_QQDEV. I want build_BNADEV to run DEV_BNADEV, et al, and that is a separate issue aside from the parallel builds.
What do I need here? Another runner? Another pipeline? Just looking for general pointers and direction here.
Here is my YAML.
stages:
- build
- deploy
build_QQDEV:
variables:
THING: "This is a THING for build for QQDEV"
script:
- "bash ./GitLabCI/GitLabCI.Build.sh qqdev"
stage: build
only:
- DEV
- QA
- UAT
- PROD
build_BNADEV:
variables:
THING: "This is a THING for build for BNADEV"
script:
- "bash ./GitLabCI/GitLabCI.Build.sh bnadev"
stage: build
only:
- DEV
- QA
DEV_QQDEV:
variables:
THING: "This is a THING for deploy_DEV_QQDEV"
ASPGRP: "*NONE"
script:
- "bash ./GitLabCI/GitLabCI.Deploy.sh QQDEV EPDEV1_5 /home/quikq/1.5/dev"
stage: deploy
environment:
name: DEV
only:
- DEV
DEV_BNADEV:
variables:
THING: "This is a THING for deploy_DEV_BNADEV"
REBUILD_DEPLOYMENT: "0"
ASPGRP: "DATADEV"
script:
- "bash ./GitLabCI/GitLabCI.Deploy.sh BNADEV EPDEV1_5 /home/quikq/1.5/dev"
stage: deploy
environment:
name: DEV
only:
- DEV
QA_QQDEV:
variables:
THING: "This is a THING for deploy_QA_QQDEV"
ASPGRP: "*NONE"
script:
- "bash ./GitLabCI/GitLabCI.Deploy.sh QQDEV EPQA1_5 /home/quikq/1.5/qa"
stage: deploy
environment:
name: QA
only:
- QA
QA_BNADEV:
variables:
THING: "This is a THING for deploy_QA_BNADEV"
REBUILD_DEPLOYMENT: "0"
ASPGRP: "DATADEV"
script:
- "bash ./GitLabCI/GitLabCI.Deploy.sh BNADEV EPQA1_5 /home/quikq/1.5/qa"
stage: deploy
environment:
name: QA
only:
- QA
UAT_QQ:
variables:
THING: "This is a THING for deploy_UAT_QQ"
ASPGRP: "*NONE"
script:
- "bash ./GitLabCI/GitLabCI.Deploy.sh QQ EPUAT1_5 /home/quikq/1.5/uat"
stage: deploy
environment:
name: UAT
only:
- UAT
UAT_QQBNA:
variables:
THING: "This is a THING for deploy_UAT_QQBNA"
ASPGRP: "*NONE"
script:
- "bash ./GitLabCI/GitLabCI.Deploy.sh QQBNA EPUAT1_5 /home/quikq/1.5/uat"
stage: deploy
environment:
name: UAT
only:
- UAT
PROD_QQ:
variables:
THING: "This is a THING for deploy_PROD_QQ"
ASPGRP: "*NONE"
script:
- "bash ./GitLabCI/GitLabCI.Deploy.sh QQ EPPROD1_5 /home/quikq/1.5/prod"
stage: deploy
environment:
name: PROD
only:
- PROD
PROD_QQBNA:
variables:
THING: "This is a THING for deploy_PROD_QQBNA"
ASPGRP: "*NONE"
script:
- "bash ./GitLabCI/GitLabCI.Deploy.sh QQBNA EPPROD1_5 /home/quikq/1.5/prod"
stage: deploy
environment:
name: PROD
only:
- PROD

Resources