Merge automatically when pipeline succeeds never work with review apps/auto_stop_in

ecerulm · January 28, 2021, 2:34pm

I have a pipeline with review apps, so that if $CI_MERGE_REQUEST_ID it will create a new dynamic environment that will auto-stop:

deploy review app:
  stage: deploy
  image: alpine/helm:3.5.0
  dependencies: []
  script:
    - helm -n "$KUBE_NAMESPACE" upgrade
      --install --wait "$CI_PROJECT_NAME-$CI_MERGE_REQUEST_ID" chart
      -f helm-reviewapp-values.yaml
      --set-string "ingress.annotations.external-dns\.alpha\.kubernetes\.io/hostname=$CI_PROJECT_NAME-$CI_MERGE_REQUEST_ID.reviewapps.example.com."
      --set-string "ingress.host=$CI_PROJECT_NAME-$CI_MERGE_REQUEST_ID.reviewapps.example.com"
      --set-string "image=$AWS_REPOSITORY:$CI_PROJECT_NAME.$CI_MERGE_REQUEST_ID"
      --set "deploymentAnnotations.app\.gitlab\.com/app=${CI_PROJECT_PATH_SLUG}"
      --set "deploymentAnnotations.app\.gitlab\.com/env=${CI_ENVIRONMENT_SLUG}"
      --set "podAnnotations.app\.gitlab\.com/app=${CI_PROJECT_PATH_SLUG}"
      --set "podAnnotations.app\.gitlab\.com/env=${CI_ENVIRONMENT_SLUG}"

  environment:
    name: review/$CI_PROJECT_NAME-$CI_MERGE_REQUEST_ID
    url: https://$CI_PROJECT_NAME-$CI_MERGE_REQUEST_ID.reviewapps.example.com
    on_stop: stop review app
    auto_stop_in: 1 day
  needs:
    - build docker image review app
  rules:
    - if: $CI_MERGE_REQUEST_ID

stop review app:
  stage: cleanup approval
  script: echo approved
  dependencies: []
  environment:
    name: review/$CI_PROJECT_NAME-$CI_MERGE_REQUEST_ID
    action: stop
  needs:
    - deploy review app
  rules:
    - if: $CI_MERGE_REQUEST_ID
      when: manual


uninstall helm chart:
  stage: cleanup
  image: alpine/helm:3.5.0
  dependencies: []
  environment:
    name: review/$CI_PROJECT_NAME-$CI_MERGE_REQUEST_ID
    action: stop
  script:
    - helm -n "$KUBE_NAMESPACE" uninstall "$CI_PROJECT_NAME-$CI_MERGE_REQUEST_ID"
  needs:
    - stop review app
  rules:
    - if: $CI_MERGE_REQUEST_ID

delete ecr image:
  stage: cleanup
  image: amazon/aws-cli:2.1.19
  dependencies: []
  script:
    - aws ecr batch-delete-image --repository-name XXXX --image-ids "imageTag=$CI_PROJECT_NAME.$CI_MERGE_REQUEST_ID"
  needs:
    - stop review app
  rules:
    - if: $CI_MERGE_REQUEST_ID

This pipeline is always “blocked” as the “stop review app” only runs with user intervention.

So it never “succeeds” so it never merges.

Is there a better way to organize the pipeline? As I understand from the Gitlab documentation, you need to have a when: manual jobs for the auto-stop to work.

Is there any way to consider the pipeline “succeeded” when the deploy job finishes?

ecerulm · January 28, 2021, 2:59pm

By the way I tried to set allow_failure: true explicitly in those jobs and the pipeline is still blocked but instead of showing as “blocked” (on the manual step) the pipeline shows as running. But the result is the same the “Merge when pipeline succeeds” does not run.

ecerulm · January 29, 2021, 10:21am

I found that if I have a single stop job, without downstream jobs then the pipeline will advance to passed instead of getting stuck in blocked or running. So since now the pipeline passes the Merge when pipeline succeeds works.

Previously I had a stop job stop review app that did nothing and two downstream jobs uninstall helm chart and delete ecr image , each one using a different docker image (one with helm, and another with the aws-cli tools).

Now I created a single docker image with all the tools needed for the cleanup (helm, aws-cli) and removed the other two jobs so it’s like this:

stop review app:
  image: myorg/cleanuptools:latest
  stage: cleanup approval
  script: echo approved
    - aws ecr batch-delete-image --repository-name XXXX --image-ids "imageTag=$CI_PROJECT_NAME.$CI_MERGE_REQUEST_ID"
    - helm -n "$KUBE_NAMESPACE" uninstall "$CI_PROJECT_NAME-$CI_MERGE_REQUEST_ID"
  dependencies: []
  environment:
    name: review/$CI_PROJECT_NAME-$CI_MERGE_REQUEST_ID
    action: stop
  needs:
    - deploy review app
  rules:
    - if: $CI_MERGE_REQUEST_ID
      when: manual


#uninstall helm chart:
#  stage: cleanup
#  image: alpine/helm:3.5.0
# ...

#delete ecr image:
#  stage: cleanup
#  image: amazon/aws-cli:2.1.19
#  ...