gitlab-ci.yml jobs:build-production config key may not be used with `rules`: only

Question

I am having a syntax error when I test my gitlab-ci.yml in CI Lint. Can someone suggest a solution to this problem?

build-production:
  stage: build
  only:
    - master
  image:
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  script:
    - mkdir -p /kaniko/.docker
    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
  rules:
    - if: $CI_COMMIT_TAG

Status: syntax is incorrect 

jobs:build-production config key may not be used with `rules`: only

Answer 1

Documentation is pretty clear :

rules replaces only/except and they can’t be used together in the same job. If you configure one job to use both keywords, the linter returns a key may not be used with rules error.

I suggest to use rules: for both of your conditions :

rules:
  - if: '$CI_COMMIT_REF_NAME == "master" && $CI_COMMIT_TAG'

Answer 2

This is not correct, unless you would create a tag master.

See: https://gitlab.sron.nl/help/ci/variables/predefined_variables.md

CI_COMMIT_REF_NAME
The branch or tag name for which project is built.

There is a workaround described here: Gitlab CI: Run Pipeline job only for tagged commits that exist on protected branches