Hi,
I am trying to configure a multi project pipeline. The downstream pipeline will create a new docker image and upload to Docker Hub, with the image tag of the branch or tag in the commit. This is working fine when triggered manually. However it fails consistently when called by a trigger in the parent pipeline.
Both projects belong to the same namespace:
- .gitlab-ci.yml · develop · ApiOpenStudio / Api Open Studio · GitLab
- .gitlab-ci.yml · master · ApiOpenStudio / Docker Images / Api Open Studio Docker Prod · GitLab
Relevant snippets are below. I’ve read that the CI rules are inherited in the downstream pipeline, so I’m overriding them.
Any help would be appreciated. For now, I am able to manually run the downstream pipeline, but this is not ideal…
Upstream pipeline
Workflow Rules (ensure the pipelines do not run on master/develop branches in forks)
workflow:
rules:
- if: '$CI_PROJECT_NAMESPACE != "apiopenstudio" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "develop"'
when: never
- if: '$CI_PROJECT_NAMESPACE != "apiopenstudio" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"'
when: never
- when: always
Rules
.commit_to_apiopenstudio_develop:
rules:
- if: '$CI_PROJECT_NAMESPACE == "apiopenstudio" && $CI_COMMIT_BRANCH == "develop" && $CI_COMMIT_TAG == null'
when: always
.commit_to_apiopenstudio_master:
rules:
- if: '$CI_PROJECT_NAMESPACE == "apiopenstudio" && $CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null'
when: always
.tag_to_apiopenstudio_master:
rules:
- if: '$CI_PROJECT_NAMESPACE == "apiopenstudio" && $CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG != null'
when: always
Stages
stages:
- test
- deploy_phpdoc
- prod_docker
Jobs
prod-docker-develop:
stage: prod_docker
rules:
- !reference [.commit_to_apiopenstudio_develop, rules]
variables:
BRANCH: develop
trigger:
project: apiopenstudio/docker_images/apiopenstudio_docker_prod
branch: master
strategy: depend
prod-docker-master:
stage: prod_docker
rules:
- !reference [.commit_to_apiopenstudio_master, rules]
variables:
BRANCH: master
trigger:
project: apiopenstudio/docker_images/apiopenstudio_docker_prod
branch: master
strategy: depend
prod-docker-tag:
stage: prod_docker
rules:
- !reference [.tag_to_apiopenstudio_master, rules]
variables:
TAG: $CI_COMMIT_TAG
trigger:
project: apiopenstudio/docker_images/apiopenstudio_docker_prod
branch: master
strategy: depend
Downstream job
image: docker:latest
services:
- docker:dind
workflow:
rules:
- when: always
stages:
- build_image
before_script:
- eval $(ssh-agent -s)
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
- echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
build-image:
stage: build_image
only:
- triggers
- web
script:
- if [[ ! -z "$BRANCH" ]]; then IMAGE_TAG=$BRANCH; else IMAGE_TAG=$TAG; fi
- docker build -t "$CI_IMAGE_NAME" --build-arg SSH_PRIVATE_KEY="$SSH_PRIVATE_KEY" --build-arg CI_REPOSITORY="$CI_REPOSITORY" --build-arg BRANCH="$BRANCH" --build-arg TAG="$TAG" .
- docker tag $CI_IMAGE_NAME $CI_IMAGE_NAME:$IMAGE_TAG
- docker push $CI_IMAGE_NAME:$IMAGE_TAG