I am running compliance scans against directories where a commit is done on a terragrunt.hcl
file.
I would like the pipeline from my . gitlab-ci.yaml
to be triggered if and only if a commit to this specific file “terragrunt.hcl
” within a directory and its sub-directories have changed. Is there a way to do this with gitlab's ci/cd tooling or would it be easier just to run a custom build script?
This one-liner bash below does what I want but the issue with that is that it still triggers the pipeline with any commits when I just want the build on that specific terragrunt.hcl
only.
for i in $(git diff-tree --no-commit-id --name-only -r $CI_COMMIT_SHA | xargs -n 1 dirname | uniq); do cd /scripts && ./run.sh /path/to/$i; done
I found this resource: GitLab CI/CD: Run jobs only when files in a specific directory have changed and still running some test on it but I would appreciate any additional help please!!! I am very close !!
Since Gitlab version 11.4, the only
and except
keywords accept a parameter changes
that lets you define a job that only runs when one of the listed files has changed. So for your example, a job might look like this:
compliance_job:
stage: compliance
only:
changes:
- terragrunt.hcl
script:
- ./compliance_check.sh
This means that the complaince_job
job will only be added to a pipeline if the file terragrunt.hcl
has changed.
In Gitlab version 12.3, the rules
keyword was introduced that allows finer control of when a job is added to a pipeline or not. It allows you to do things like:
compliance_job:
stage: compliance
rules:
- if: $CI_COMMIT_MESSAGE ~= /compliance/ || $CI_COMMIT_REF_NAME == "main"
changes:
- terragrunt.hcl
when: always
script:
- ./compliance_check.sh
This means that the compliance_job
job will be added to the pipeline if the commit message contains the word compliance
or the branch or tag is main
, and the terragrunt.hcl
file changed. If neither of the if
conditions is true, or if the terragrunt.hcl
file didn't change, the job won't run.
Here's another way to use the rules
keyword to check for changes but without checking other conditionals:
compliance_job:
stage: compliance
rules:
- changes:
- terragrunt.hcl
- file1.txt
- file2.txt
- path/to/file3.txt
when: always
script:
- ./compliance_check.sh
In this example, the job will run if any of the files listed have changed in the latest commit, but we don't have to have an "if" along with it.
You can read about the only: changes
keyword here: https://docs.gitlab.com/ee/ci/yaml/#onlychangesexceptchanges
And the rules: if
and rules:changes
are here: https://docs.gitlab.com/ee/ci/yaml/#rules and here: https://docs.gitlab.com/ee/ci/yaml/#ruleschanges
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With