CI pipeline is creating an unexpected external step

Unexpected external step is getting created

While setting up a build pipeline for a typescript project I added a security testing step into that pipeline. This seems to work but no matter what I do it always creates an External step at the end although it is not defined in the gitlab-ci.yml. The annoying thing is, that this step gets immediately cancelled which avoids a successful pipeline run. See the screenshot on how this looks:

We are running on GitLab.com with shared runners at the moment.
The attached gitlab-ci.yml shows what is defined:

Summary
image: alpine:latest

stages:
  - build
  - test
  - security-testing

include:
  - template: Workflows/Branch-Pipelines.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Workflows/Branch-Pipelines.gitlab-ci.yml
  - template: Jobs/Code-Quality.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
  - template: Jobs/Code-Intelligence.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Code-Intelligence.gitlab-ci.yml
  
build_and_publish:
  stage: build
  image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-build-image:v0.4.0"
  services:
- docker:19.03.12-dind
  variables:
DOCKER_TLS_CERTDIR: ""
DOCKER_HOST: tcp://docker:2375
  before_script:
- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
  script:
- export CI_APPLICATION_REPOSITORY=${CI_APPLICATION_REPOSITORY:-$CI_REGISTRY_IMAGE}
- export CI_APPLICATION_TAG=${CI_APPLICATION_TAG:-$CI_COMMIT_SHORT_SHA}
- docker build --build-arg NODE_AUTH_TOKEN=$NODE_AUTH_TOKEN -f Dockerfile . -t $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG
- docker push $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG

test:
  stage: test
  image: node:12
  services:
- docker:dind
  script:
- touch ~/.npmrc && printf "@...:registry=https://npm.pkg.github.com\n//npm.pkg.github.com/:_authToken=$NODE_AUTH_TOKEN\nunsafe-perm=true" > ~/.npmrc && npm ci
- npm run test  

# gitleaks is for the hardcoded git secrets scanning
gitleaks:
  stage: security-testing
  image: "zricethezav/gitleaks"
  script: gitleaks -v --pretty --repo-path . --commit-from=$CI_COMMIT_SHA --commit-to=$CI_COMMIT_BEFORE_SHA --branch=$CI_COMMIT_BRANCH
  allow_failure: true  

# Snyk is for dependency checks
snyk:
  stage: security-testing
  image: "snyk/snyk-cli:npm"
  variables:
SNYK_TOKEN: $SNYK_TOKEN
  script: snyk monitor --org=80a2edb0-847a-48dc-be5b-3f923b1d1c94
  allow_failure: true

I already tried to remove all the security steps but the external step seems to be now persistent and is always popping up, no matter what I do change inside the gitlab-ci.yml.

So do you guys have any idea what could cause this? The snyk step inside the security-testing group is executed successfully, which makes me even more wonder.

Any hint or help is very much appreciated :slight_smile:

It looks like SNYK_TOKEN: $SNYK_TOKEN is inline with synk: making it another job. The job doesn’t have a stage attached to it, so maybe it’s defaulting to external.

Thanks a lot for your suggestion, I tried but sadly everything was perfectly formatted and I guess this wrong indentation was more of a copy paste issue here. Anyway, I figured out that there was a web hook configured for synk on this project and this seemed to cause the issue. After deleting it, the external job was disappearing :slight_smile:
So I consider this solved :slight_smile: