GitLab CI/CD: Trigger pipeline only when a specific file have changed

Question

I am running compliance scans against directories where a commit is done on a terragrunt.hcl file.

I would like the pipeline from my . gitlab-ci.yaml to be triggered if and only if a commit to this specific file “terragrunt.hcl” within a directory and its sub-directories have changed. Is there a way to do this with gitlab's ci/cd tooling or would it be easier just to run a custom build script?

This one-liner bash below does what I want but the issue with that is that it still triggers the pipeline with any commits when I just want the build on that specific terragrunt.hcl only.

for i in $(git diff-tree --no-commit-id --name-only -r $CI_COMMIT_SHA | xargs -n 1 dirname | uniq); do cd /scripts && ./run.sh /path/to/$i; done

I found this resource: GitLab CI/CD: Run jobs only when files in a specific directory have changed and still running some test on it but I would appreciate any additional help please!!! I am very close !!

Answer 1

Since Gitlab version 11.4, the only and except keywords accept a parameter changes that lets you define a job that only runs when one of the listed files has changed. So for your example, a job might look like this:

compliance_job:
  stage: compliance
  only:
    changes:
      - terragrunt.hcl
  script:
    - ./compliance_check.sh

This means that the complaince_job job will only be added to a pipeline if the file terragrunt.hcl has changed.

In Gitlab version 12.3, the rules keyword was introduced that allows finer control of when a job is added to a pipeline or not. It allows you to do things like:

compliance_job:
  stage: compliance
  rules:
    - if: $CI_COMMIT_MESSAGE ~= /compliance/ || $CI_COMMIT_REF_NAME == "main"
      changes:
        - terragrunt.hcl
      when: always
  script:
    - ./compliance_check.sh

This means that the compliance_job job will be added to the pipeline if the commit message contains the word compliance or the branch or tag is main, and the terragrunt.hcl file changed. If neither of the if conditions is true, or if the terragrunt.hcl file didn't change, the job won't run.

Here's another way to use the rules keyword to check for changes but without checking other conditionals:

compliance_job:
  stage: compliance
  rules:
    - changes:
        - terragrunt.hcl
        - file1.txt
        - file2.txt
        - path/to/file3.txt
      when: always
  script:
    - ./compliance_check.sh

In this example, the job will run if any of the files listed have changed in the latest commit, but we don't have to have an "if" along with it.

You can read about the only: changes keyword here: https://docs.gitlab.com/ee/ci/yaml/#onlychangesexceptchanges

And the rules: if and rules:changes are here: https://docs.gitlab.com/ee/ci/yaml/#rules and here: https://docs.gitlab.com/ee/ci/yaml/#ruleschanges