Fix triggering rules for the "publish-cleanup" job

The "publish-cleanup" tag pipeline job is currently created for all
security releases, including BIND -S releases, but it depends on the
"publish" job, which is only created for open source releases.  This
breaks CI configuration for BIND -S tags, preventing pipelines from
getting created for such tags altogether.  Fix by only creating the
"publish-cleanup" job in tag pipelines for open source security
releases.

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 07ee9494fc5532694b14b696eaad9aa2791ddf30..bdd71eb601de4995c3d506552abf972c572dd559 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -308,6 +308,9 @@ stages:
 .rule_tag_open_source_maintenance: &rule_tag_open_source_maintenance
   - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null && $CI_COMMIT_TAG !~ /-S/ && $RELEASE_TYPE != "security"'
 
+.rule_tag_open_source_security: &rule_tag_open_source_security
+  - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null && $CI_COMMIT_TAG !~ /-S/ && $RELEASE_TYPE == "security"'
+
 .rule_tag_security: &rule_tag_security
   - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null && $RELEASE_TYPE == "security"'
 
@@ -2028,7 +2031,7 @@ publish-cleanup:
   tags:
     - smalljob
   rules:
-    - *rule_tag_security
+    - *rule_tag_open_source_security
 
 .manual_release_job_qa: &manual_release_job_qa
   <<: *manual_release_job