Parent Pipeline has python script; Application pipeline execution getting parent pipeline python script

Parent Pipeline script cannot access file at time of running the child pipeline

Question:

  • Is there a way to reference a file that is in Repo A (Parent Pipeline), when Repo B pipeline is ran?
  • How can I get to RepoA/testfile.py

Environment:

Repo A

parent.gitlab-ci.yml*
testpython.py

parent.gitlab-ci.yml

verifyVulnerabilities:
stage: Verify
image: python:latest
script:
- ls -al
- python testpython.py

Repo B

just another application repo
gitlab ci-cd settings uses parent pipeline (this calls the parent pipeline successfully); parent.gitlab-ci.yml@namespace/RepoA/

During the job execution I am presented with the following message

python: can’t open file ‘/builds/RepoB/testfile.py’: [Errno 2] No such file or directory

To answer my own question, I was unable to figure out a way to access the file from the pipeline as I originally intended.

I have figured out that I can just wget the file instead. I would have hoped that there was a general way to include files from the parent pipeline repository within the gitlab-ci.yml file that we would be working in.

curl -k --header “PRIVATE-TOKEN: ${GLToken}” https://gitlab.example.coml/api/v4/projects/[projectid]/repository/files/testpython.py/raw?ref=master > testpython.py

Or the other option might be to use Git to checkout the repo, or add repo B as a submodule to repo A, but GitLab doesn’t have a way to access random files in other repos AFAIK.

We can’t add repo B as a sub module since our goal is to have a parent pipeline that is the same in all projects that will run our baseline scans. Our parent pipeline cannot be aware of any child pipelines. All we do to call child pipelines is at the end of the parent pipeline we call the default child pipeline that is present in the repo.

Checking out the whole repo of repo A was an option, but I felt a bit much considering the task. Trying to keep this process as quick as possible, I assumed that the child pipeline (that is calling the parent) had access to the parent child repo out of the box, and that is not the case. I was glad to find out this worked but it just feels like if the child repo is calling the parent, then the parent pipeline yaml file should be able to access resources of the repo it lives in.