From bedff8bbf87b5e77e66cbd34fdc08103f2cac8e5 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@gmail.com>
Date: Sun, 5 May 2024 19:48:18 +0200
Subject: [PATCH] fix(workflow): disable MR pipeline from prod & integ branches

Today creating a backmerge MR from prod or integ branch to any other branch triggers a pipeline
even though no change has been pushed.
Ultimately those pipelines might (re)trigger integration or production environment deployment and/or packages publication.
That might have unexpected consequences.
This change simply disables MR pipeline from prod & integ branches, enforcing branch pipelines only (i.e. when a true commit is pushed).
---
 templates/gitlab-ci-docker-compose.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/templates/gitlab-ci-docker-compose.yml b/templates/gitlab-ci-docker-compose.yml
index 5bfb94e..16a647d 100644
--- a/templates/gitlab-ci-docker-compose.yml
+++ b/templates/gitlab-ci-docker-compose.yml
@@ -102,8 +102,11 @@ spec:
 # default workflow rules: Merge Request pipelines
 workflow:
   rules:
-    # prevent branch pipeline when an MR is open (prefer MR pipeline)
-    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
+    # prevent MR pipeline originating from production or integration branch(es)
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ $PROD_REF || $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ $INTEG_REF'
+      when: never
+    # on non-prod, non-integration branches: prefer MR pipeline over branch pipeline
+    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
       when: never
     - if: '$CI_COMMIT_MESSAGE =~ "/\[(ci skip|skip ci) on ([^],]*,)*tag(,[^],]*)*\]/" && $CI_COMMIT_TAG'
       when: never
-- 
GitLab