Using git push options fails to create CI variables

Using git push options fails to create CI variables

Describe your question in as much detail as possible:

  • We followed the documentation here: (https://docs.gitlab.com/ee/user/project/push_options.html) to create Environment Variables via git push options.

  • We followed the advice in the Note here: (https://docs.gitlab.com/ee/user/project/push_options.html) regarding switching to the new rules syntax for job policies

  • We are trying to use the variables created via the push option in one pipeline phase in a policy in another pipeline phase

  • What version are you on? Are you using self-managed or GitLab.com? self-managed

    • GitLab (Hint: /help): 12.5.1-ee
    • Runner (Hint: /admin/runners): 12.7.1
  • Add the CI configuration from .gitlab-ci.yml and other configuration if relevant (e.g. docker-compose.yml)

Here’s the the job which should create the variable:

update_deployments:
  stage: update-deployments
  tags:
    - fire-docker-deploy
  before_script:
    *git_config
  script:
    - echo "$GIT_CRYPT_KEY" | base64 -d | git-crypt unlock -
    - cd deploy/variants/$CI_ENVIRONMENT_NAME
    - kustomize edit set image t4=gitlab-host:5005/fire-dev/t4:$VERSION
    - kustomize edit set image t4-ro=gitlab-host:5005/fire-dev/t4:$VERSION
# we've already set the new version for the canary deployment in the target resource, here we're just updating the manifest. Therefore the following 'apply' shouldn't effect the canary pod(s)
    - kustomize edit set image t4-canary=gitlab-host:5005/fire-dev/t4:$VERSION
    - cd -
    - git add .
    - git commit -m "pipeline commit:$CI_ENVIRONMENT_NAME-update-resources."
    - 'git push -o ci.variable="CI_BUILD_AND_TEST_ONLY=build_and_test_only" $GIT_REMOTE_NAME HEAD:${CI_COMMIT_REF_NAME}'
    - kustomize build deploy/variants/$CI_ENVIRONMENT_NAME | kubectl apply -f -
  after_script:
    *git_clean
  image:
    name: gitlab-host:5005/fire-dev/t4/kubehelper:$KUBEHELPER_VERSION
  environment:
    name: $ENVIRONMENT_NAME
  rules:
    - if: '$UPDATE_DEPLOYMENT == "true"' #set by watch-canary-job script
      when: always

And one of the jobs which shouldn’t be run based on the policies using the push option variable:

tag-version-dev:
  stage: tag-version
  tags:
    - fire-docker-release
  before_script:
    *git_config
  script:
    - git tag $VERSION
    - git push -o ci.skip $GIT_REMOTE_NAME --tags
  after_script:
    *git_clean
  image:
    name: alpine/git:1.0.7
    entrypoint: [""]
  rules:
    - if: '$CI_PIPELINE_TRIGGERED'
      when: never
    - if: '$CI_BUILD_AND_TEST_ONLY == "build_and_test_only"'
      when: never
    - if: '$CI_COMMIT_REF_NAME == "dev"'
      when: on_success
  • Unfortunately the above job is created and run despite the policy

  • The reason for the peculiarly named variable and value is because we have Environment Variables masked by default so we wanted to create a value longer than 8 characters long in case that was the problem

  • We have debugging set to true and it shows that the push option Environment Variable is never created, so obviously can not be used in job policies

What are we doing wrong?

Thanks

S