When running a CICD pipeline witch remote definitions, a tag build triggers another pipeline run that fails with “Project X not found or access denied”
The repo (lets call it project Y) that triggers the build has a very limited cicd definitions file that calles the actual cicd definition via an include. This works perfectly for the initial build, either manual or via merge, but it fails after that tag is created.
A tag actually should not trigger the pipeline at all, but the workflow rules are also defined in project X and are not loaded.
Project Y .gitlab-ci.yml
variables: TRIGGER_PROJECT: $CI_PROJECT_PATH TRIGGER_PROJECT_BRANCH: $CI_COMMIT_REF_NAME stages: - start - trigger start_job: stage: start script: - echo "Running in $TRIGGER_PROJECT, on branch $TRIGGER_PROJECT_BRANCH" include: - project: 'path_to_project\X' ref: main file: '/.gitlab-ci/code-repo/trigger-pipeline.yaml'
Project X trigger-pipeline.yaml
variables: BUILD_TRIGGER: 'default' BUILD_PIPELINE_NAME: 'Pipeline build for ESB' workflow: name: '$BUILD_PIPELINE_NAME' rules: - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' variables: BUILD_TRIGGER: 'Merge to main' BUILD_PIPELINE_NAME: 'Pipeline build for $TRIGGER_PROJECT, merge from $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME to $CI_MERGE_REQUEST_TARGET_BRANCH_NAME' when: always - if: '$CI_PIPELINE_SOURCE == "web"' variables: BUILD_TRIGGER: 'Manual start' BUILD_PIPELINE_NAME: 'Manual build for $TRIGGER_PROJECT from $TRIGGER_PROJECT_BRANCH' when: always - when: never trigger: stage: trigger trigger: project: 'path_to_project/X' branch: main strategy: depend forward: yaml_variables: true pipeline_variables: true
When checking the full configuration from project Y, it resolves the dependencies perfectly
It’s just when the build is triggered by the tag that it failes. Almost like it uses other credentials.