Rules: Pipeline executed for other branch than it supposed to


I am trying to trigger CI/CD only for master branch. It used to work for only: tag but I have to use rules:
syntax now. I have this rule:

  stage: build
    - echo "I'm in the branch $CI_COMMIT_BRANCH $CI_COMMIT_MESSAGE"
    - docker pull hadolint/hadolint
    - docker run --rm -i hadolint/hadolint < ./manager/swarm.Dockerfile
    - env
    - if: $CI_COMMIT_BRANCH == "master"
      if: $CI_COMMIT_MESSAGE !~ /skip-build/

and it should be triggered only in branch master. However, this is what I sometimes see in the log:

Executing "step_script" stage of the job script
$ echo "I'm in the branch $CI_COMMIT_BRANCH $CI_COMMIT_MESSAGE"
I'm in the branch dependabot/npm_and_yarn/prismjs-1.21.0 Bump prismjs from 1.20.0 to 1.21.0
Bumps [prismjs]( from 1.20.0 to 1.21.0.

What was wrong here? Why this is triggered?

I’m running

Kind regards,

Hi Michal,
the if rules are evaluated with an or condition: as soon as one matches, the job is executed.

From the documentation

Rules are evaluated in order until the first match. When matched, the job is either included or excluded from the pipeline, depending on the configuration.

What you want to do is exclude the job when the branch is the master:

    - if: $CI_COMMIT_BRANCH != "master"
      when: never
    - if: $CI_COMMIT_MESSAGE !~ /skip-build/
1 Like