From: Michał Kępień <michal@isc.org>
Date: Mon, 11 May 2026 08:07:38 +0000 (+0200)
Subject: Fix triggering rules for the "publish-cleanup" job
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb40c3463831d5520faf3b9bec1703df2e836684;p=thirdparty%2Fbind9.git

Fix triggering rules for the "publish-cleanup" job

The "publish-cleanup" tag pipeline job is currently created for all
security releases, including BIND -S releases, but it depends on the
"publish" job, which is only created for open source releases.  This
breaks CI configuration for BIND -S tags, preventing pipelines from
getting created for such tags altogether.  Fix by only creating the
"publish-cleanup" job in tag pipelines for open source security
releases.
---

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 07ee9494fc5..bdd71eb601d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -308,6 +308,9 @@ stages:
 .rule_tag_open_source_maintenance: &rule_tag_open_source_maintenance
   - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null && $CI_COMMIT_TAG !~ /-S/ && $RELEASE_TYPE != "security"'
 
+.rule_tag_open_source_security: &rule_tag_open_source_security
+  - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null && $CI_COMMIT_TAG !~ /-S/ && $RELEASE_TYPE == "security"'
+
 .rule_tag_security: &rule_tag_security
   - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null && $RELEASE_TYPE == "security"'
 
@@ -2028,7 +2031,7 @@ publish-cleanup:
   tags:
     - smalljob
   rules:
-    - *rule_tag_security
+    - *rule_tag_open_source_security
 
 .manual_release_job_qa: &manual_release_job_qa
   <<: *manual_release_job