Problem to solve
Whenever we build a pipeline that deployes to protected environments, all the jobs become implicitly “when: manual”. even when specifically set to “when: always” or “when: on_success”.
We have complicated pipelines, getting the deployers to approve every step prior to the approval step is confusing and means the pipelines need to be written with wierd changes in intention so that pipelines that target non protected and protected environments play consistently.
Steps to reproduce
Our actual pipelines typically target a single environment at a time, but for the purpose of simplicitly I show a hybrid pipeline: Assuming the production environment is protected the following ci.yml fragment might apply:
plan:
parallel:
matrix:
- ENVIRONMENT: ["development","production"]
rules:
- if: $CI_COMMIT_TAG
when: always
environment:
name: $ENVIRONMENT
action: prepare
script:
- echo "prepare a deployment plan"
When run, plan [deployment] will execute successfully and plan [production] will wait for a manual action. As this is a preparation job, this is undesirable as we have many jobs preparing artefacts for the deployment (i.e. environment.action: start) job.
Configuration
Add the CI/CD configuration from .gitlab-ci.yml and other configuration if relevant (e.g. docker-compose.yml). Alternatively, create a public GitLab.com example project that provides all necessary files to reproduce the question.
Versions
Last seen on GitLab 17.10.1