Cheers Community,
We are currently using a TeamCity testing pipeline for most of our projects, which is connected to GitLab via the oob integration.
Works fine so far: new commits trigger test runs in TeamCity, and the pipeline job is added to the commit as ‘external’ with the correct state (pending/finished/failed).
I added gitlab-ci to the project for some basic security scans and later on maybe some autodeploy.
The problem I run into is that the external pipeline - while shown like a stage - is not linked to the gitlab-ci stages at all?
I’d like to query some artifacts from the external CI pipeline (coverage); however, that can only happen after that external pipeline has ended.
Infos:
Gitlab:
- self-managed
- Gitlab EE
- 14.5.2
- via docker
Runners:
- 14.5.0
gitlab-ci.yml

```yaml
variables:
  SAST_EXCLUDED_ANALYZERS: "brakeman,flawfinder,semgrep,spotbugs,nodejs-scan"

stages:
  - scan
  - test
  - external
  - final

sast:
  stage: scan

include:
  - template: Security/SAST.gitlab-ci.yml

trivy:
  stage: scan
  image:
    name: aquasec/trivy
    entrypoint: [""]
  script:
    - /usr/local/bin/trivy conf --exit-code=1 ./
    - /usr/local/bin/trivy fs --exit-code=1 ./

read_coverage:
  stage: final
  script:
    - "apk add curl"
    - "STATUS=404"
    # Poll TeamCity every 10 seconds until a finished build exists for this commit
    - |
      while [ "$STATUS" -eq 404 ]; do
        sleep 10
        STATUS=$(curl -Is --header "Authorization: Bearer ${TC_ACCESS_TOKEN}" "${TC_BASE_URL}/app/rest/builds/branch:${CI_COMMIT_BRANCH},revision:${CI_COMMIT_SHA},state:finished,lookupLimit:500/status" | head -n 1 | cut -d' ' -f2)
      done
    # Print the coverage artifact to the job log so the coverage regex below can parse it
    - "curl --header \"Authorization: Bearer ${TC_ACCESS_TOKEN}\" ${TC_BASE_URL}/app/rest/builds/branch:${CI_COMMIT_BRANCH},revision:${CI_COMMIT_SHA},state:finished,lookupLimit:500/artifacts/content/coverage-integration.txt"
  coverage: '/^\s*Lines:\s*\d+.\d+\%/'
```
As seen above, read_coverage now pokes TeamCity every 10 seconds to check whether the commit has already finished. If that’s the case, we query the coverage artifact and parse it.
I added ‘test’ and ‘external’ stage to block ‘read_coverage’ from running before others are finished.
Also moving ‘read_coverage’ to the ‘.post’ stage did not do the trick.
Current behavior:
‘read_coverage’ is run right after the ‘scans’ stage is successful
Expected behavior:
‘read_coverage’ is run after the external jobs have run successfully
How do I keep both CI tools in sync?
Regards
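
Added example, not part of the original post: a bounded version of the polling loop in read_coverage that stops on any response other than 404 or 200 (for instance a rejected token), so the job fails instead of continuing with an error response or polling forever. The function names and the POLL_INTERVAL and POLL_TIMEOUT variables are assumptions; the TeamCity locator is the one from the post.

```shell
#!/bin/sh
# Added example: bounded polling for the TeamCity build status.
# Function names, POLL_INTERVAL and POLL_TIMEOUT are illustrative assumptions.

# Print the HTTP status code for the "finished build" locator used in the post.
# Needs TC_BASE_URL, TC_ACCESS_TOKEN, CI_COMMIT_BRANCH and CI_COMMIT_SHA.
fetch_status() {
  curl -s -o /dev/null -w '%{http_code}' \
    --header "Authorization: Bearer ${TC_ACCESS_TOKEN}" \
    "${TC_BASE_URL}/app/rest/builds/branch:${CI_COMMIT_BRANCH},revision:${CI_COMMIT_SHA},state:finished,lookupLimit:500/status"
}

# Map an HTTP status code to the action the job should take.
classify_status() {
  case "$1" in
    200) echo ready ;;  # a finished build exists for this commit
    404) echo wait ;;   # no finished build yet, keep polling
    *)   echo fail ;;   # 401/403/5xx/empty: stop, do not loop or continue
  esac
}

# Poll until the build is finished, an unexpected status appears, or time runs out.
# $1 = command that prints the status code (defaults to fetch_status).
# Returns 0 = ready, 1 = unexpected status, 2 = timed out.
wait_for_build() {
  fetch="${1:-fetch_status}"
  interval="${POLL_INTERVAL:-10}"
  remaining="${POLL_TIMEOUT:-1800}"
  while :; do
    code=$("$fetch") || code=""
    case "$(classify_status "$code")" in
      ready) return 0 ;;
      fail)  echo "unexpected HTTP status: ${code:-none}" >&2; return 1 ;;
    esac
    [ "$remaining" -le 0 ] && { echo "timed out waiting for build" >&2; return 2; }
    sleep "$interval"
    remaining=$((remaining - interval))
  done
}
```

In the job script, `wait_for_build || exit 1` would replace the `while` loop before the artifact is fetched.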