Unexpected external step is getting created
While setting up a build pipeline for a typescript project I added a security testing step into that pipeline. This seems to work but no matter what I do it always creates an External step at the end although it is not defined in the gitlab-ci.yml. The annoying thing is, that this step gets immediately cancelled which avoids a successful pipeline run. See the screenshot on how this looks:
We are running on GitLab.com with shared runners at the moment.
The attached gitlab-ci.yml shows what is defined:
Summary
image: alpine:latest
stages:
- build
- test
- security-testing
include:
- template: Workflows/Branch-Pipelines.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/-/tree/master/lib/gitlab/ci/templates/Workflows/Branch-Pipelines.gitlab-ci.yml
- template: Jobs/Code-Quality.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Code-Quality.gitlab-ci.yml
- template: Jobs/Code-Intelligence.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab/blob/master/lib/gitlab/ci/templates/Jobs/Code-Intelligence.gitlab-ci.yml
build_and_publish:
stage: build
image: "registry.gitlab.com/gitlab-org/cluster-integration/auto-build-image:v0.4.0"
services:
- docker:19.03.12-dind
variables:
DOCKER_TLS_CERTDIR: ""
DOCKER_HOST: tcp://docker:2375
before_script:
- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
script:
- export CI_APPLICATION_REPOSITORY=${CI_APPLICATION_REPOSITORY:-$CI_REGISTRY_IMAGE}
- export CI_APPLICATION_TAG=${CI_APPLICATION_TAG:-$CI_COMMIT_SHORT_SHA}
- docker build --build-arg NODE_AUTH_TOKEN=$NODE_AUTH_TOKEN -f Dockerfile . -t $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG
- docker push $CI_APPLICATION_REPOSITORY:$CI_APPLICATION_TAG
test:
stage: test
image: node:12
services:
- docker:dind
script:
- touch ~/.npmrc && printf "@...:registry=https://npm.pkg.github.com\n//npm.pkg.github.com/:_authToken=$NODE_AUTH_TOKEN\nunsafe-perm=true" > ~/.npmrc && npm ci
- npm run test
# gitleaks is for the hardcoded git secrets scanning
gitleaks:
stage: security-testing
image: "zricethezav/gitleaks"
script: gitleaks -v --pretty --repo-path . --commit-from=$CI_COMMIT_SHA --commit-to=$CI_COMMIT_BEFORE_SHA --branch=$CI_COMMIT_BRANCH
allow_failure: true
# Snyk is for dependency checks
snyk:
stage: security-testing
image: "snyk/snyk-cli:npm"
variables:
SNYK_TOKEN: $SNYK_TOKEN
script: snyk monitor --org=80a2edb0-847a-48dc-be5b-3f923b1d1c94
allow_failure: true
I already tried to remove all the security steps but the external step seems to be now persistent and is always popping up, no matter what I do change inside the gitlab-ci.yml.
So do you guys have any idea what could cause this? The snyk step inside the security-testing group is executed successfully, which makes me even more wonder.
Any hint or help is very much appreciated