From: Petr Špaček Date: Thu, 30 Jan 2025 10:24:59 +0000 (+0100) Subject: Do not trigger post-merge jobs for cross-project pushes X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bbd2de2b40e28cedcc4b847cce88cc974521f5b0;p=thirdparty%2Fbind9.git Do not trigger post-merge jobs for cross-project pushes We need to avoid double-triggering of post-merge jobs in the following scenario: 1. A private MR gets merged into the private BIND 9 repository. 2. This merge operation triggers a "push" pipeline in the private repository, which correctly runs post-merge jobs, e.g. to set MR metadata in the private project. 3. When a release is published, a script is run to change the automatically assigned milestone value ("Not released yet") to something else. 4. Shortly afterwards, the result of the merge from step 1 is merged back into a maintenance branch in the public repository. 5. The push operation triggers another "push" pipeline, this time in the public project. At this point there are two problems: - If the script is dumb (like it currently is), it will extract the merge request ID from the merge commit description and change the milestone for a merge request in the wrong project namespace. - Even if the script was fixed to extract and use the correct GitLab project reference, it would reset the milestone for the merge request in the private repository back to "Not released yet" - while the milestone set in step 3 should be retained. An alternative would be to change the order of operations so that post-release milestoning happens at a later stage, while also fixing the script to correctly follow cross-project references, but that approach seems more fragile than simply failing on all cross-project pushes. The rule to enforce is: each project should only take care of its own post-merge tasks. (cherry picked from commit 60140607740bf8e07c0f223c18798bef36ef439c) --- diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4da726f83e8..cb73c818c78 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -967,10 +967,10 @@ abi-check: - set +o pipefail; git log --format='%H' | grep --silent "$CI_COMMIT_BEFORE_SHA" && PREVIOUS_TIP_REACHABLE=1 - test "$PREVIOUS_TIP_REACHABLE" != "1" && echo "force-push detected, stop" && exit 1 # non-fast-forward merges are disabled so we have to have merge commit on top - - MERGE_REQUEST_ID="$(git log -1 --format='%b' | sed --silent -e 's/^See merge request [^!]\+!//p')" + - MERGE_REQUEST_ID="$(git log -1 --format='%b' | sed --silent -e "s|^See merge request ${CI_PROJECT_PATH}\!||p")" - > - : stop if this is not a merge request - - test "$MERGE_REQUEST_ID" -ge 0 + : stop if this is not a merge request in the current project's namespace + - test -n "$MERGE_REQUEST_ID" - git clone --depth 1 https://gitlab.isc.org/isc-projects/bind9-qa.git merged-metadata: