Hello,
How do I have GitLab cleanup after my Job? It looks like you can’t have before_script and after_script for each job. But I can’t imagine that the only way to ensure a pipline failure is cleaned up is by hand…?
Essentially what I’m looking for is, I have a .gitlab-ci.yml file that looks something like this:
stages:
- build
- publish
- verify
...
Verify Application:
stage: verify
script:
- terraform apply -auto-approve
- for ip in $(terraform output -json instance-ips | jq '.value[]'); do inspec ssh://foo@${ip} inspec/tests ; done
- terraform destroy -auto-approve
This works WONDERFULLY when my inspec tests pass.
However, when my inspec tests fails, it leaves instances running in AWS, which as we all know can quickly cost a lot. Our current workflow is effectively “run job through pipeline, wait for it to finish, log into AWS and ensure no extra nodes exist”, which in my opinion, kinda defeats the purpose of a pipeline.
What I really want is:
Verify Application:
stage: verify
script:
- terraform apply -auto-approve
- for ip in $(terraform output -json instance-ips | jq '.value[]'); do inspec ssh://foo@${ip} inspec/tests ; done
run_this_script_regardless_of_success_or_failure_of_script_above:
- terraform destroy -auto-approve
(But GitLab throws an error about not understanding what run_this_script_regardless_of_success_or_failure_of_script_above is 
)
Because this is the only phase that is running terraform commands, it doesn’t make sense (and in fact could potentially break other builds) if we run terraform destroy in an after_script which runs after every phase… I guess worst case scenario I could do an after_script and test if phase is verify…? something like: [[$CI_PHASE == verify]] && terraform destroy
So GitLab gurus, is there any way to achieve a “cleanup” or “post” script that runs regardless of the success or failure of my script in a job, per job. I’m probably not googling the right thing, but I’m stumped.
Thanks!
- Q
