I have a job to create a release when a tag is created but I also need a rule to only allow it to create a release if the tag was created for the main branch. I'm not sure what I need to do for this?
I've tried this rule however this fails in the pipeline because this command stops it from running for some reason.
rules: - if: $CI_COMMIT_TAG && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH script: You have a misunderstanding on how tags work. Please read though this excellent answer for full explanation, but here's a snippet from it:
It is important to understand that tags have no direct relationship with branches - they only ever identify a commit.
So, when a tag is created, even for a branch, it is not really created for that branch, but as a reference to the latest commit in that branch. That is also why GitLab documentation mentions these:
CI_COMMIT_TAG - The commit tag name. Available only in pipelines for tags.CI_COMMIT_BRANCH - The commit branch name. Available in branch pipelines, including pipelines for the default branch. Not available in merge request pipelines or tag pipelines.So, your pipeline will fail because those two variables can't coexist, so your question becomes a bit problematic.
Maybe you wan't to identify if the commit of the tag is available in the main branch? In theory something like this could help: Git: How to find out on which branch a tag is?, but you cannot run arbitrary git operations in a GitLab rules:if clause.
Not ideal, but your best option is probably to do the check in a script and fail the job in case the tag was not created for a commit that exists in the main branch:
script: - | if [[ -z $(git branch --list $CI_DEFAULT_BRANCH --contains tags/$CI_COMMIT_TAG) ]]; then exit 1 fi Thanks to Teemu for their answer which led me in the right direction for sure. The best result I've gotten is with this snippet.
Script: - git log -1 --pretty='%D' $CI_COMMIT_TAG > tag_info.txt - | if ! grep -q 'origin/master' tag_info.txt; then exit 1 fi This sends the information from the tag I just created to a text file and grep checks if the text file contains the branch I want, if it doesn't the pipeline fails otherwise I can carry on with my release.
I'd like to add the full version of my working variant based on the code above with some clarifications:
before_script: - apk add --no-cache git # if you use image without git - git fetch origin --tags --prune - | if ! git log -1 --pretty='%D' $CI_COMMIT_TAG | grep -q 'origin/master'; then echo "The tag does not belong to the master branch. Aborting build." exit 1 fi rules: # only for tags vMAJOR.MINOR.PATCH(-<comment>) - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+(-[a-zA-Z0-9\-]+)?$/' when: always allow_failure: false This script will check before build/deploy if the current tag refers to the master branch and action will happen when the tag name matches the rule
