I have a job in a child pipeline that is consistently missing from my pipelines. I cannot work out why it disappears.
There are no `except`/`only` or `rules` on the job, but sometimes it's there and sometimes it's not.

The child pipeline is triggered like this. It's always triggered correctly; here there doesn't seem to be a problem:
```yaml
check_terraform_plan:
  rules:
    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "next"'
      exists: *terraform_exists
      variables:
        WORKSPACE_BASE: dev
        WORKSPACE_ENV: dev
    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
      exists: *terraform_exists
      variables:
        WORKSPACE_BASE: main
        WORKSPACE_ENV: main
    - if: '$CI_COMMIT_BRANCH == "next"'
      exists: *terraform_exists
      variables:
        WORKSPACE_BASE: main
        WORKSPACE_ENV: main
  needs: []
  trigger:
    include:
      - project: "smartsuite/automation-configs"
        file: gitlab-ci-plan.yml
        ref: $AUTOMATION_CONFIGS_REF
    strategy: depend
```
The child pipeline YAML (`gitlab-ci-plan.yml`) is:
```yaml
default:
  image: $NODE_IMAGE
  interruptible: true

variables:
  HUSKY: "0"
  TF_INPUT: "0"
  TF_IN_AUTOMATION: "1"
  TF_CLI_CONFIG_FILE: "$CI_PROJECT_DIR/.terraformrc"
  WORKSPACE_BASE: $CI_COMMIT_REF_SLUG
  WORKSPACE_ENV: $CI_COMMIT_REF_SLUG
  NODE_APK_ADD: ""
  NODE_VERSION: "14"
  NODE_IMAGE: "node:$NODE_VERSION-alpine"
  NODE_RUNNER_TAG: ""

.node_cache: &node_cache
  key:
    files:
      - package-lock.json
  paths:
    - .npm/

.node_before_script: &node_before
  - |
    [ "$NODE_APK_ADD" != "" ] && apk add --no-cache $NODE_APK_ADD
  - npm config set -- "${CI_API_V4_URL#https?}/packages/npm/:_authToken" "${CI_JOB_TOKEN}"
  - npm ci --cache "$CI_PROJECT_DIR/.npm" --prefer-offline --unsafe-perm

.terraform_image: &terraform_image
  name: hashicorp/terraform:1.3.6
  entrypoint: ["/bin/sh", "-c"]

.terraform_before: &terraform_before
  - cd iac/
  - echo -e "credentials \"$CI_SERVER_HOST\" {\n token = \"$CI_JOB_TOKEN\"\n}" > $TF_CLI_CONFIG_FILE
  - terraform init
  - |
    export TF_WORKSPACE="${WORKSPACE_BASE:0:24}$([ ${#WORKSPACE_BASE} -ge 24 ] && echo "$WORKSPACE_BASE" | sha1sum | head -c 4)"
    echo "TF_WORKSPACE: $TF_WORKSPACE"

.terraform_cache: &terraform_cache
  key:
    files:
      - iac/.terraform.lock.hcl
  paths:
    - "iac/.terraform/"

build:
  rules:
    - exists:
        - src/**/*
        - projects/**/*
  needs: []
  environment:
    name: $WORKSPACE_ENV
    action: prepare
  cache: *node_cache
  tags:
    - $NODE_RUNNER_TAG
  before_script: *node_before
  script:
    - npm run build
  artifacts:
    paths:
      - build/
      - dist/
      - lib/

plan:
  image: *terraform_image
  environment:
    name: $WORKSPACE_ENV
    action: prepare
  variables:
    TF_VAR_commit_id: $CI_COMMIT_SHORT_SHA
  needs:
    - job: build
      optional: true
  interruptible: false
  resource_group: tf/$WORKSPACE_BASE
  cache: *terraform_cache
  before_script:
    - # https://docs.gitlab.com/ee/user/infrastructure/index.html#output-terraform-plan-information-into-a-merge-request
    - apk add --no-cache jq
    - alias convert_report="jq -r '([.resource_changes[]?.change.actions?]|flatten)|{\"create\":(map(select(.==\"create\"))|length),\"update\":(map(select(.==\"update\"))|length),\"delete\":(map(select(.==\"delete\"))|length)}'"
    - *terraform_before
  script:
    - terraform plan -out "planfile"
    - terraform show --json "planfile" | convert_report > "planfile.json" || true
  artifacts:
    reports:
      terraform: iac/planfile.json
```
As you see, there are two jobs here, `build` and `plan`. `build` always runs, that's fine, but `plan` doesn't show when running on a feature branch.

For other MRs `feature` → `next` it doesn't even show up.

For the MR `next` → `main`, the job `plan` appears and runs.

I really don't understand what's going on. As there are no rules on the job, how does it just disappear for feature branches?