gitlab-org--gitlab-foss/doc/ci/merge_request_pipelines/index.md

8.2 KiB

stage group info type last_update
Verify Continuous Integration To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments reference, index 2019-07-03

Pipelines for Merge Requests

Introduced in GitLab 11.6.

In a basic configuration, GitLab runs a pipeline each time changes are pushed to a branch.

If you want the pipeline to run jobs only on commits to a branch that is associated with a merge request, you can use pipelines for merge requests.

In the UI, these pipelines are labeled as detached. Otherwise, these pipelines appear the same as other pipelines.

Any user who has developer permissions can run a pipeline for merge requests.

Merge request page

If you use this feature with merge when pipeline succeeds, pipelines for merge requests take precedence over the other regular pipelines.

Prerequisites

To enable pipelines for merge requests:

Configuring pipelines for merge requests

To configure pipelines for merge requests you need to configure your CI/CD configuration file. There are a few different ways to do this:

Use rules to run pipelines for merge requests

When using rules, which is the preferred method, we recommend starting with one of the workflow:rules templates to ensure your basic configuration is correct. Instructions on how to do this, as well as how to customize, are available at that link.

Use only or except to run pipelines for merge requests

If you want to continue using only/except, this is possible but please review the drawbacks below.

When you use this method, you have to specify only: - merge_requests for each job. In this example, the pipeline contains a test job that is configured to run on merge requests.

The build and deploy jobs don't have the only: - merge_requests keyword, so they don't run on merge requests.

build:
  stage: build
  script: ./build
  only:
    - master

test:
  stage: test
  script: ./test
  only:
    - merge_requests

deploy:
  stage: deploy
  script: ./deploy
  only:
    - master

Excluding certain jobs

The behavior of the only: [merge_requests] keyword is such that only jobs with that keyword are run in the context of a merge request; no other jobs run.

However, you can invert this behavior and have all of your jobs run except for one or two.

Consider the following pipeline, with jobs A, B, and C. Imagine you want:

  • All pipelines to always run A and B.
  • C to run only for merge requests.

To achieve this, you can configure your .gitlab-ci.yml file as follows:

.only-default: &only-default
  only:
    - master
    - merge_requests
    - tags

A:
  <<: *only-default
  script:
    - ...

B:
  <<: *only-default
  script:
    - ...

C:
  script:
    - ...
  only:
    - merge_requests

Therefore:

  • Since A and B are getting the only: rule to execute in all cases, they always run.
  • Since C specifies that it should only run for merge requests, it doesn't run for any pipeline except a merge request pipeline.

This helps you avoid having to add the only: rule to all of your jobs to make them always run. You can use this format to set up a Review App, helping to save resources.

Excluding certain branches

Pipelines for merge requests require special treatment when using only/except. Unlike ordinary branch refs (for example refs/heads/my-feature-branch), merge request refs use a special Git reference that looks like refs/merge-requests/:iid/head. Because of this, the following configuration will not work as expected:

# Does not exclude a branch named "docs-my-fix"!
test:
  only: [merge_requests]
  except: [/^docs-/]

Instead, you can use the $CI_COMMIT_REF_NAME predefined environment variable in combination with only:variables to accomplish this behavior:

test:
  only: [merge_requests]
  except:
    variables:
      - $CI_COMMIT_REF_NAME =~ /^docs-/

Pipelines for Merged Results (PREMIUM)

Read the documentation on Pipelines for Merged Results.

Merge Trains (PREMIUM)

Read the documentation on Merge Trains.

Run pipelines in the parent project for merge requests from a forked project (PREMIUM)

By default, external contributors working from forks can't create pipelines in the parent project. When a pipeline for merge requests is triggered by a merge request coming from a fork:

  • It's created and runs in the fork (source) project, not the parent (target) project.
  • It uses the fork project's CI/CD configuration and resources.

If a pipeline runs in a fork, the fork icon appears for the pipeline in the merge request.

Pipeline ran in fork

Sometimes parent project members want the pipeline to run in the parent project. This could be to ensure that the post-merge pipeline passes in the parent project. For example, a fork project could try to use a corrupted runner that doesn't execute test scripts properly, but reports a passed pipeline. Reviewers in the parent project could mistakenly trust the merge request because it passed a faked pipeline.

Parent project members with at least Developer permissions can create pipelines in the parent project for merge requests from a forked project. In the merge request, go to the Pipelines and click Run Pipeline button.

WARNING: Fork merge requests could contain malicious code that tries to steal secrets in the parent project when the pipeline runs, even before merge. Reviewers must carefully check the changes in the merge request before triggering the pipeline. GitLab shows a warning that must be accepted before the pipeline can be triggered.

Additional predefined variables

By using pipelines for merge requests, GitLab exposes additional predefined variables to the pipeline jobs. Those variables contain information of the associated merge request, so that it's useful to integrate your job with GitLab Merge Request API.

You can find the list of available variables in the reference sheet. The variable names begin with the CI_MERGE_REQUEST_ prefix.

Troubleshooting

Two pipelines created when pushing to a merge request

If you are experiencing duplicated pipelines when using rules, take a look at the important differences between rules and only/except, which helps you get your starting configuration correct.

If you are seeing two pipelines when using only/except, please see the caveats related to using only/except above (or, consider moving to rules).

It is not possible to run a job for branch pipelines first, then only for merge request pipelines after the merge request is created (skipping the duplicate branch pipeline). See the related issue for more details.

Two pipelines created when pushing an invalid CI configuration file

Pushing to a branch with an invalid CI configuration file can trigger the creation of two types of failed pipelines. One pipeline is a failed merge request pipeline, and the other is a failed branch pipeline, but both are caused by the same invalid configuration.