I have a CI config file (like mentioned below), in that file I have only mentioned to run the pipeline on specific branch i.e.,
test. It is working as expected for all the users who has access to the repo with developer role; but only for specific user if they are pushing their code on any branch a failed pipeline is being generated. This uses also has the same developer role as others
- I am using GitLab.com and the version is as below*
- GitLab: 14.4.0-pre
- Runner: 14.3.0-rc1
Here are few screenshot for the same
stages: - buildimg - gkedeploy variables: _GCR_HOSTNAME: us.gcr.io _IMAGE_TAG: $_GCR_HOSTNAME/$PROJECT_ID/$CI_PROJECT_PATH:$CI_COMMIT_REF_SLUG _K8S_NAMESPACE: my-app Build Docker Image: image: docker:stable stage: buildimg when: manual environment: $CI_COMMIT_REF_NAME only: - development - test - main services: - docker:dind before_script: - docker --version - echo $_IMAGE_TAG - echo $GCR_MANAGER_KEY | docker login -u _json_key --password-stdin https://$_GCR_HOSTNAME script: # Build and tag image for GCR - docker build -t $_IMAGE_TAG . # Push image to GCR - docker push $_IMAGE_TAG after_script: - docker logout .prepare_step: &prepare_step - echo $_IMAGE_TAG # Replacing the Namespace token with correct value - sed -i "s#__K8S_NAMESPACE__#$_K8S_NAMESPACE#" ./k8s/namespace.yml Deploy in Google Kubernetes Engine: image: google/cloud-sdk stage: gkedeploy when: manual environment: $CI_COMMIT_REF_NAME only: - development - test - main before_script: - *prepare_step script: - echo $SERVICE_ACCOUNT > /tmp/$CI_PIPELINE_ID.json - gcloud auth activate-service-account --key-file /tmp/$CI_PIPELINE_ID.json - gcloud config set project $PROJECT_ID - gcloud config set compute/zone $COMPUTE_ZONE - gcloud container clusters get-credentials $GKE_CLUSTER - kubectl apply -f ./k8s/namespace.yml after_script: - rm /tmp/$CI_PIPELINE_ID.json
It will be helpful for me if someone point out how to prevent it.