GitLab job allow failure on certain exit code - gitlab

I have a GitLab CI/CD job doing some stuff.
I want some executed commands to be able to fail and result in a warning for this job, but I also want other command to result in an error in the pipeline if they fail.
I have set in the .yaml file allow_failure: true, which will always result in a warning for this job regardless of the error.
Can I tell GitLab job to output an error for a specific exit code and a warning for another ?

With gitlab 13.9 allow_failure:exit_codes where introduced. With that you can now allow failure for certain exits codes and fail the job for all other ones.
allow_failure:
exit_codes:
- 137
- 255

Related

gitlab-ci Job failed: exit status 1 with no error

I'm trying to run njsscan to SAST my code on gitlab-ci. But the results of the job always fail even though there are no errors as shown in the image below.
If I run the manual on my server the command runs without any problems in the image below.
Is this a bug of gitlab-ci ? or is there a solution I can do? thank you
I have the same issue using gitlab-runner 15.3.0 with docker executor (docker version is 20.10.17):
Job is failing with RC=1 while running the before_script part
Restarting the Job (without any changes to code or pipeline-definitions) just succeed in the most cases.
We are using a dozen of runners, but even if a job is restarted on the same runner, it succeeds although it just failed there before.

Status of jobs in gitlab after completion

I have a gitlab pipeline where I have 3 jobs in same stage and should run in parallel. After all jobs are completed, I need to know the following information for each job:
Job Name, Status (pass/fail), started at, finished at
I am using below api in the after_script in .gitlab-ci.yml
curl https://gitlab.com/api/v4/job?job_token=$CI_JOB_TOKEN"
But is always gives me status as 'running'. How can I get the correct status whether the job is passed or failed?
You don't need to use the API in that case.
In after_script section, you can use CI_JOB_STATUS environment variable (available from Gitlab Runner 13.5). From the documentation :
The status of the job as each runner stage is executed. Use with after_script. Can be success, failed, or canceled.
I've got "running" from CI_JOB_STATUS
To fix that set ENV variable for job or globally: FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 1
More details you can find here https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27693

Gitlab: Print custom warning

I wonder if it's possible to show a custom warning next to a Gitlab-CI job.
For example, I'd like in a single job to lint and style check a terraform configuration, print a warning if it doesn't pass, then create a terraform plan and stop the pipeline if that fails.
Is this feasible?
Turn on allow_failure (or set custom exit_codes) and exit with listed exit_codes. This will show a warning icon without blocking the pipeline.
test_job_2:
script:
- echo "Run a script that results in exit code 137. This job is allowed to fail."
- exit 137
allow_failure:
exit_codes:
- 137
- 255
Ref: https://docs.gitlab.com/ee/ci/yaml/#allow_failure

GitLab CI: How to continue job even when script fails

I have a job in my pipeline that has a script with two very important steps:
mvn test to run JUnit tests against my code
junit2html to convert the XML result of the tests to a HTML format (only possible way to see the results as my pipelines aren't done through MRs) that is uploaded to GitLab as an artifact
docker rm to destroy a container created earlier in the pipeline
My problem is that when my tests fail, the script stops immediately at mvn test, so the junit2html step is never reached, meaning the test results are never uploaded in the event of failure, and docker rm is never executed either, so the container remains and messes up subsequent pipelines as a result.
What I want is to be able to keep a job going till the end even if the script fails at some point. Basically, the job should still count as failed in GitLab CI / CD, but its entire script should be executed. How can I configure this?
In each step that you need to continue even if the step fails, you can add a flag to your .gitlab-ci.yml file in that step. For example:
...
Unit Tests:
stage: tests
only:
- branches
allow_failure: true
script:
- ...
It's that allow_failure: true flag that will continue the pipeline even if that specific step fails. Gitlab CI Documentation about allow_failure is here: https://docs.gitlab.com/ee/ci/yaml/#allow_failure
Update from comments:
If you need the step to keep going after a failure, and be aware that something failed, this has worked well for me:
./script_that_fails.sh || FAILED=true
if [ $FAILED ]
then ./do_something.sh
fi

Force to fail a sonarqube job in gitlab CI

Having in gitlab-ci a job like the following one:
static_test_service:
stage: test code
script:
- docker run --rm -v $(pwd):/data -w /data dparra0007/sonar-scanner:20171010-1 sonar-scanner
-Dsonar.projectKey=$CI_PROJECT_NAMESPACE:$CI_PROJECT_NAME
-Dsonar.projectName=$CI_PROJECT_NAME
-Dsonar.branch=$CI_COMMIT_REF_NAME
-Dsonar.projectVersion=$CI_JOB_ID
-Dsonar.sources=./greetingapi/src
-Dsonar.java.binaries=./greetingapi/target
-Dsonar.gitlab.project_id=$CI_PROJECT_ID
-Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
-Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
I would need to fail the gitlab job when the sonarqube analysis fails. But in that case, the error in analysis is reported but not sending a fail status to the job in Gitlab CI and the step always finish with success.
It seems that there is no way to raise any event from "docker run" to be managed by gitlab job.
Any idea on how to force to fail the job if the sonarqube analysis fails?
Thanks,
To break the CI build for a failed Quality Gate, you have write script based on the following steps
1.Search in /report-task.txt the values of the CE Task URL (ceTaskUrl) and CE Task Id (ceTaskId)
2.Call /api/ce/task?id=XXX where XXX is the CE Task Id retrieved from step 1 Ex:- https://yourSonarURL/api/ce/task?id=Your ceTaskId
3.Wait for sometime until the status is SUCCESS, CANCELED or FAILED from Step 2
4.If it is FAILED, break the build (Here failure is unable to generate sonar report)
5.If successful,then Use the analysisId from the JSON returned by /api/ce/task? id=XXX(step2)and Immediately call /api/qualitygates/project_status?analysisId=YYY to check the status of the quality gate.
Ex:- https://yourSonarURL/api/qualitygates/project_status?analysisId=Your analysisId
6.Step 5 gives the status of the critical, major and minor error threshold limit
7.Based on the limit break the build.
I faced this problem with GitLab and Sonar where Sonar was failing the QualityAnalysis but GitLab job was still passing with
INFO: ANALYSIS SUCCESSFUL, you can find the results at:
Now the problem is below missing config in sonar.properties
sonar.qualitygate.wait=true
sonar.qualitygate.timeout=1800
So basically, the SonarScan takes time to do the analysis and by default it won't wait for the analysis to complete and may returns default SUCCESSFUL ANALYSIS result to GitLab
With the mentioned configuration, we are explicitly asking GitLab to wait for the qualitygate to finish and gave some timeout as well (in case analysis takes long time to finish)
Now we see the GitLab job fails with below
ERROR: QUALITY GATE STATUS: FAILED - View details

Resources