Skip to content

Dynamic Child Pipeline (artifact) can't use variables in include definitions

Workaround

See #378717 (comment 2486791289) please use the inputs feature instead

Summary

In a dynamic child pipeline, using variables when defining an include (attributes projet, ref, file) doesn't work. Values of variables are resolved to empty values and so the child pipeline can't start as its syntax is marked as yaml invalid.

Steps to reproduce

  1. Define a simple (non-protected and non-scoped) CICD variable MYLIB_PATH in the project (or parent groups) with the value gitlab-org/gitlab
  2. Create the pipeline definition :
stages:
 - generate
 - build

generate:
  stage: generate
  script:
    - |-
      cat > pipe1.yml <<EOF
      include:
        - project: '\$MYLIB_PATH' # escaped in order to reproduce the variable resolution behavior
          ref: 'master'
          file: '/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml' # example of library
      stages:
        - test
      EOF
  artifacts:
    paths:
      - pipe1.yml

build-pipeline:
  stage: build
  needs: ["generate"]
  trigger:
    include:
        - artifact: pipe1.yml
          job: generate
        #- local: pipe1.yml # if the child pipeline is created in a local file, resolution works
    strategy: depend
    forward:
      pipeline_variables: true # false does not work too
      yaml_variables: true # false does not work too

What is the current bug behavior?

The child pipeline can't start. It is in error, marked as 'yaml invalid' :

Include `{"project":"","ref":"master","file":"/lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml"}` needs to match exactly one accessor!

I had tried without success :

  • adding global variable MYLIB_PATH to the parent pipeline
  • adding global variable MYLIB_PATH to the child pipeline
  • adding job variable to the build-pipeline job (the one triggering the child)

The behavior only happens when the pipeline definition is an artifact. When local file is used, resolution works.

The behavior is the same for any or all of the three attributes of a library include : project, ref, file.

What is the expected correct behavior?

The child pipeline to work with includes.

Relevant logs and/or screenshots

Output of checks

This bug happens on GitLab.com

Possible fixes

Edited by Dov Hershkovitch