CI job rules combining if and exists always runs

I have been adding in the GitLab SAST template to a project and noticed that all the *-sast seem to run for all merge requests, even through they have the exists rule present and we don’t have any files in the repo that match the globs, using the brakeman-sast as an example, the rule is

    - if: ($CI_COMMIT_BRANCH || $CI_MERGE_REQUEST_IID)
      exists:
        - '**/*.rb'
        - '**/Gemfile'

And even though we have no *.rb files or Gemfile files (it’s a Laravel/PHP application), it will always run and gives the following output

$ /analyzer run
[INFO] [Brakeman] [2021-10-26T06:02:23Z] ▶ GitLab Brakeman analyzer v2.20.1
[INFO] [Brakeman] [2021-10-26T06:02:23Z] ▶ Detecting project
[WARN] [Brakeman] [2021-10-26T06:02:23Z] ▶ No match in /builds/2TPyCzgz/4/espadav8/example

Is there something we have set up incorrectly in the rules? my understanding is that both the if and the exists should be true for it to match and run that job.

Thanks

Hi,
This is probably related to the fact, that currently exists rule is limited to 10000 checks and returns true after. If you have project with thousands of files, you can quickly reach that limit.
See also: CI/CD YAML syntax reference | GitLab
Hope, that helps. Thanks