From e32e815f6aa487edf0c25112cc6173bbd1ce0ad2 Mon Sep 17 00:00:00 2001
From: Pierre Smeyers <pierre.smeyers@gmail.com>
Date: Sun, 5 May 2024 19:52:50 +0200
Subject: [PATCH] fix(workflow): disable MR pipeline from prod & integ branches

Today creating a backmerge MR from prod or integ branch to any other branch triggers a pipeline
even though no change has been pushed.
Ultimately those pipelines might (re)trigger integration or production environment deployment and/or packages publication.
That might have unexpected consequences.
This change simply disables MR pipeline from prod & integ branches, enforcing branch pipelines only (i.e. when a true commit is pushed).
---
 templates/gitlab-ci-renovate.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/templates/gitlab-ci-renovate.yml b/templates/gitlab-ci-renovate.yml
index b9b0408..6eea5a5 100644
--- a/templates/gitlab-ci-renovate.yml
+++ b/templates/gitlab-ci-renovate.yml
@@ -25,8 +25,11 @@ spec:
 ---
 workflow:
   rules:
-    # prevent branch pipeline when an MR is open (prefer MR pipeline)
-    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
+    # prevent MR pipeline originating from production or integration branch(es)
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ $PROD_REF || $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ $INTEG_REF'
+      when: never
+    # on non-prod, non-integration branches: prefer MR pipeline over branch pipeline
+    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
       when: never
     - if: '$CI_COMMIT_MESSAGE =~ "/\[(ci skip|skip ci) on ([^],]*,)*tag(,[^],]*)*\]/" && $CI_COMMIT_TAG'
       when: never
-- 
GitLab