Limit post-push pipelines for autorebased branches
authorMichał Kępień <michal@isc.org>
Thu, 21 May 2026 09:13:30 +0000 (11:13 +0200)
committerMichał Kępień <michal@isc.org>
Thu, 21 May 2026 09:31:34 +0000 (11:31 +0200)
Current CI job triggering rules cause a full pipeline to be started
after every push to security-* branches.  In this context, "push" means
"branch update", which covers both "git push" invocations and merging a
merge request.  Meanwhile, running a test pipeline is only desired after
a rebase; if a branch is fast-forwarded, it means that a merge request
has been merged into it and a pipeline should have already been run for
that merge request itself.  Limit resource use by only triggering
pipelines for security-* branches when they are pushed to with a "magic"
CI variable that is only set in autorebase jobs.  Leave all the other
triggering rules (for scheduled/manual pipelines) intact.

(cherry picked from commit 5cd870053ef2df8f45e9f3fd7b203dbd1af2daad)

.gitlab-ci.yml

index d1aa7ea7ec0404c0d721c0c91627fff8e38b1977..1627c7e79253141f1c2d4c30228f7afa31b2c9c7 100644 (file)
@@ -311,8 +311,8 @@ stages:
 .rule_source_all: &rule_source_all
   - if: '$CI_PIPELINE_SOURCE =~ /^(api|merge_request_event|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"'
 
-.rule_private_security_branch: &rule_private_security_branch
-  - if: '$CI_COMMIT_BRANCH =~ /^security-(main|bind-9\.[1-9][0-9])$/ && $CI_PROJECT_PATH == "isc-private/bind9" && $REBASE_ONLY != "1"'
+.rule_branch_after_autorebase: &rule_branch_after_autorebase
+  - if: '$CI_PIPELINE_SOURCE == "push" && $AUTOREBASED == "1"'
 
 .api-pipelines-schedules-tags-triggers-web-triggering-rules: &api_pipelines_schedules_tags_triggers_web_triggering_rules
   rules:
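Review bot: The new `.rule_branch_after_autorebase` condition trusts `$AUTOREBASED` without tying it to a branch or project, whereas the removed rule matched only `security-*` branches in `isc-private/bind9`. A `ci.variable` push option can be supplied by any identity that may push and set pipeline variables, so the "only set in autorebase jobs" property from the commit message holds by convention rather than by enforcement. A push to any branch carrying the variable would start the full pipeline through every rule list that references this anchor. Consider keeping the scoping in the condition, e.g. `- if: '$CI_PIPELINE_SOURCE == "push" && $AUTOREBASED == "1" && $CI_COMMIT_BRANCH =~ /^security-(main|bind-9\.[1-9][0-9])$/ && $CI_PROJECT_PATH == "isc-private/bind9"'`, and add a comment above the anchor naming the job that sets the variable. The `$REBASE_ONLY != "1"` guard was also dropped; that looks harmless for push pipelines but is worth confirming.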
@@ -322,7 +322,7 @@ stages:
 .default-triggering-rules_list: &default_triggering_rules_list
   - *rule_tag
   - *rule_source_all
-  - *rule_private_security_branch
+  - *rule_branch_after_autorebase
 
 .default-triggering-rules: &default_triggering_rules
   rules:
@@ -334,7 +334,7 @@ stages:
     - *rule_mr_manual
     - *rule_tag
     - *rule_source_other_than_mr
-    - *rule_private_security_branch
+    - *rule_branch_after_autorebase
 
 .shell-triggering-rules: &shell_triggering_rules
   rules:
@@ -342,7 +342,7 @@ stages:
     - *rule_mr_manual
     - *rule_tag
     - *rule_source_other_than_mr
-    - *rule_private_security_branch
+    - *rule_branch_after_autorebase
 
 .python-triggering-rules: &python_triggering_rules
   rules:
@@ -350,7 +350,7 @@ stages:
     - *rule_mr_manual
     - *rule_tag
     - *rule_source_other_than_mr
-    - *rule_private_security_branch
+    - *rule_branch_after_autorebase
 
 .extra-system-tests-triggering-rules: &extra_system_tests_triggering_rules
   rules:
@@ -746,7 +746,7 @@ clang-format:
     - *rule_mr_manual
     - *rule_tag
     - *rule_source_other_than_mr
-    - *rule_private_security_branch
+    - *rule_branch_after_autorebase
   script:
     - if [ -r .clang-format ]; then "${CLANG_FORMAT}" -i -style=file $(git ls-files '*.c' '*.h'); fi
     - git diff > clang-format.patch
@@ -886,7 +886,7 @@ coccinelle:
     - *rule_mr_manual
     - *rule_tag
     - *rule_source_other_than_mr
-    - *rule_private_security_branch
+    - *rule_branch_after_autorebase
   script:
     - util/check-cocci.sh
     - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
@@ -2394,7 +2394,7 @@ stress-test-child-pipeline:
       allow_failure: true
     - *rule_tag
     - if: '$CI_PIPELINE_SOURCE =~ /^(api|pipeline|schedule|trigger|web)$/ && $REBASE_ONLY != "1"'
-    - *rule_private_security_branch
+    - *rule_branch_after_autorebase
   trigger:
     include:
       - artifact: stress-test-configs.yml
@@ -2528,7 +2528,7 @@ merged-metadata:
     - *configure
     - make -j${BUILD_PARALLEL_JOBS:-1} V=1
     - git range-diff --color=always "${BASE_COMMIT}" "${CI_COMMIT_SHA}" HEAD
-    - if ! git push --force-with-lease origin "HEAD:${CI_COMMIT_REF_NAME}"; then touch .git-push-failed; exit 1; fi
+    - if ! git push --force-with-lease -o ci.variable="AUTOREBASED=1" origin "HEAD:${CI_COMMIT_REF_NAME}"; then touch .git-push-failed; exit 1; fi
   after_script:
     - if [ "${CI_JOB_STATUS}" = "success" ]; then exit 0; fi
     - |
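Review bot: The `-o ci.variable="AUTOREBASED=1"` push option appears to be the only thing that makes this force-push start a pipeline, and nothing on the line says so. A comment above it such as `# AUTOREBASED=1 matches .rule_branch_after_autorebase; without it this push starts no pipeline` would keep the coupling visible to whoever edits either side. The option only takes effect if the pushing identity is allowed to set pipeline variables in the project. It is worth confirming what GitLab does when that permission is restricted; presumably the branch is still updated while the pipeline is not created as intended, which the `if ! git push` check would not detect. The enclosing job's script starts and ends outside the hunk.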