When running a CICD pipeline witch remote definitions, a tag build triggers another pipeline run that fails with “Project X not found or access denied”
The repo (lets call it project Y) that triggers the build has a very limited cicd definitions file that calles the actual cicd definition via an include. This works perfectly for the initial build, either manual or via merge, but it fails after that tag is created.
A tag actually should not trigger the pipeline at all, but the workflow rules are also defined in project X and are not loaded.
Project Y .gitlab-ci.yml
variables:
TRIGGER_PROJECT: $CI_PROJECT_PATH
TRIGGER_PROJECT_BRANCH: $CI_COMMIT_REF_NAME
stages:
- start
- trigger
start_job:
stage: start
script:
- echo "Running in $TRIGGER_PROJECT, on branch $TRIGGER_PROJECT_BRANCH"
include:
- project: 'path_to_project\X'
ref: main
file: '/.gitlab-ci/code-repo/trigger-pipeline.yaml'
Project X trigger-pipeline.yaml
variables:
BUILD_TRIGGER: 'default'
BUILD_PIPELINE_NAME: 'Pipeline build for ESB'
workflow:
name: '$BUILD_PIPELINE_NAME'
rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"'
variables:
BUILD_TRIGGER: 'Merge to main'
BUILD_PIPELINE_NAME: 'Pipeline build for $TRIGGER_PROJECT, merge from $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME to $CI_MERGE_REQUEST_TARGET_BRANCH_NAME'
when: always
- if: '$CI_PIPELINE_SOURCE == "web"'
variables:
BUILD_TRIGGER: 'Manual start'
BUILD_PIPELINE_NAME: 'Manual build for $TRIGGER_PROJECT from $TRIGGER_PROJECT_BRANCH'
when: always
- when: never
trigger:
stage: trigger
trigger:
project: 'path_to_project/X'
branch: main
strategy: depend
forward:
yaml_variables: true
pipeline_variables: true
When checking the full configuration from project Y, it resolves the dependencies perfectly
It’s just when the build is triggered by the tag that it failes. Almost like it uses other credentials.