CI/CD variable expansion in rules when running from Web

GitLab CI/CD
1

Problem to solve

In our GitLab CI/CD pipeline, we are using environment-specific configurations to control which jobs run based on the target environment. Here’s an outline of our setup:

  • Jobs in .gitlab-ci.yml: Our CI/CD pipeline has multiple jobs defined in .gitlab-ci.yml.
  • Environment-specific variables: We use an included configuration file that defines environment-specific variables.
  • Conditional Job Execution with Rules: In each job, the rules keyword is used to conditionally trigger jobs based on environment variables. Specifically, we rely on a custom variable ($ENVIRONMENT_COMMIT_BRANCH) defined in each environment to match against $CI_COMMIT_BRANCH and execute jobs only for certain branches.

The pipeline logic works as expected in our higher environments (QA and PROD) where $ENVIRONMENT_COMMIT_BRANCH is statically set to specific branch names: main and validation. However, in the DEV environment, $ENVIRONMENT_COMMIT_BRANCH is set to $CI_DEFAULT_BRANCH, which should dynamically expand to the default branch.

Symptoms

When we run manual pipelines directly from the GitLab web interface:

  • Variable expansion does not occur as expected in the rules section for the DEV environment.
  • This results in jobs for the DEV environment not being selected when they should be.
  • The error prevents us from starting the pipeline for DEV:

Pipeline cannot be run.
Pipeline will not run for the selected trigger. The rules configuration prevented any jobs from being added to the pipeline.

In addition, it also works when using $CI_DEFAULT_BRANCH directly - so this is a workaround - but setting it as a common variable makes the definition nice and clean.

Steps to reproduce

  1. Define the variable in environment:
.dev:
  environment: DEV
  variables:
    ENVIRONMENT_COMMIT_BRANCH: $CI_DEFAULT_BRANCH
  1. Define the template that uses the variable in rules section:
.api_deploy:
  stage: deploy
  script: ./scripts/deploy.sh
  rules:
    - if: $API == "Deploy" && $CI_COMMIT_BRANCH == $ENVIRONMENT_COMMIT_BRANCH
  1. Create a job using above:
api_deploy_dev:
  extends:
    - .dev
    - .api_deploy

Expected behavior

The job is added when pipeline is created from the default branch.

Versions

Please select whether options apply, and add the version information.

  • Self-managed
  • GitLab.com SaaS
  • Dedicated
  • Self-hosted Runners

Versions

  • GitLab: v17.2.2-ee