Gitlab dependencies in CI/CD pipeline


I have 6 stages

  1. Build
  2. Image_Scan
  3. Dev
  4. Stage
  5. Prod
    6 Dr_deploy

in build we have 1 job build
in image scan we have 3 jobs A, B, C
in Dev we have A_1, A_2,B_1, B_2, C_1, C_2
in stage we have AA_1, AA_2,BB_1, BB_2, CC_1, CC_2
in Prod we have AAA_1, AAA_2,BBB_1, BBB_2, CCC_1, CCC_2
in Dr_Deploy we have AAAA_1, AAAA_2,BBBB_1, BBBB_2, CCCC_1, CCCC_2

if the build job fails total stages should be skipped
in image scan jobs A, B, C if any fails it should skip respective jobs for example image scan job A fails then on Dev A_1, A_2, on stag2 AA_1, AA_2, on Prod AAA_1, AAA_2, on Dr_deploy AAAA_1, AAAA_2
similarly for B and C

passed image scan jobs should go to the next stage and should be able to run manually for their respective jobs on dev, stage, prod, and dr_deploy and at any stage if a job fails their respective jobs from next stag should skip

Hey there,

This should be quite easy.

if the build job fails total stages should be skipped

By design, this requirement is working by default - next stage won’t proceed if any of the jobs from the previous stage has failed.

The rest you can solve simply by using needs keyword. You can define what jobs “need” what and if the prerequisite job fails, the following one won’t be executed. E.g.

job A:
  stage: image_scan
    - echo "image scan A"

job B:
  stage: image_scan
    - echo "image scan B"

job A_1:
  stage: dev
    - "job A"
    - echo "job A_1"

job B_1:
  stage: dev
    - "job B"
    - echo "job B_1"

and so on…

However, it’s worth mentioning that using needs will make your jobs run as soon as possible - as soon as all required jobs are executed, the job is starting, even if it’s in the next stage (by default, first all jobs from one stage needs to finish before ones from the next stage begin). This means, in this example, job B_1 will start as soon as job B is finished (it won’t wait for job A from previous stage to finish, as default behavior).

If you don’t want this behavior, instead of needs you can use dependencies.

For any jobs that should be executed manually, you need to add:

  when: manual

to your job definition.

Hope this helps.

Thank you for your prompt reply

I have one more query

if the image scan job fails respective next stage can only trigger manually after approval from a user/group, if success proceed to the next stages


Huh, that’s a bit harder to achieve. Currently the only possibility I see is using Environment & Deployments Approval options… have a look at docs. Similar situation is discussed on StackOverflow.

Basically you could define an “Environment” and protect it so only specific users can deploy to it (=trigger the job manually)… But I’m not 100% sure if this would work for your use case.