We've got following on-prem scenario: Devs working in Bitbucket on Apps, Ops working in Gitlab for "Gitops" things. We'd like to automate builds and deployment via our Gitlab pipeline and looking for ways to implement. The build part already works. But we'd like to distinguish between branches - not every branch should be deployed - especially production would be manually deployed.
Since the webhook contains the branch I've tried to set in deployment stage:
only:
- dev
as well as
rules:
- if: '$TOKEN_BRANCH != $PROD_BRANCH'
But in both ways the deployment pipeline is still triggered.
Two workarounds came in my mind:
One option would be to mirror the bitbucket repository via "post commit hook" - but on one hand this plugin is with costs and on the other hand you need a second plugin for the mirroring - and the only I can find isn't maintained any longer.
Second option would be to license Gitlab Ultimate to be able to use "pull mirroring" which could also be triggered via Bitbucket webhook.
Since we have no use on repository mirroring and the only use case would be to be able to use the Gitlab pipeline on a "local repository" where all the above ways to differ the branch for deployment should work - I'd prefer to find a way with already available ressources.
Happy to hear your thoughts about this!
EDIT: parts of the pipeline:
variables:
PROD_BRANCH: main
before_script:
- TOKEN_BRANCH=$(cat $TRIGGER_PAYLOAD | jq -r '.changes[0].ref.displayId')
deploy:
stage: deploy
tags:
- openshift
rules:
- if: $TOKEN_BRANCH != $PROD_BRANCH
- echo $TOKEN_BRANCH returns "main".
- in rules: this part of the pipeline is only triggered if the following statement is true.
- Since "main == main" and not "!=" the "deploy" stage of the pipeline shouldn't be executed. But it is...
several variants
rules:
- if: '$TOKEN_BRANCH !~ $PROD_BRANCH'
rules:
- if: '$TOKEN_BRANCH =~ $PROD_BRANCH'
when: never
in these cases the opposite happens - the pipeline never has a deploy stage - it even does not show the stage in "pipelines" view in Gitlab.
Found a working solution:
After "rules" did not work I use now a "if loop" in the script part of the deployment stage. So the deployment stage is triggered everytime but the logic (= the deployment) is only done if the token contains the respective stage.