Skip to content

Fix automatic deletion of static assets packages in CI

Kerem Güneş requested to merge ci-fix-package-deletion into drupal-to-ckan

Deleting packages via API calls from the package registry requires:

  1. an access token of scope api for the project
  2. the user making the call to have sufficient permissions to delete packages.

As only maintainers have permissions to delete packages in GitLab, the idea is to use a pipeline trigger to impersonate a maintainer for running the deletion job.

The updated CI pipeline behaves as follows:

  • If a push is made to a branch, which is the source branch of a merge request, then a merge request pipeline is run to create a package associated with the source branch of the merge request. When the merge request is merged or closed, a pipeline is triggered from the .gitlab-ci.yml sitting in the target branch of the merge request to remove the package associated with its source branch.

  • For direct pushes to branches not tied to merge requests, a branch pipeline is run to create a package based on the commit branch. If the branch is deleted, a pipeline is triggered from the .gitlab.ci-yml sitting in a hardcoded branch currently set to the main development branch drupal-to-ckan, as there is no notion of source branch and target branch in this case.

    Note: When drupal-to-ckan is merged to master, or main development moves to another branch, the hardcoded branch in .gitlab-ci.yml for branch pipelines should be adjusted accordingly.

  • When a tag is pushed, a tag pipeline is run to create a package based on the commit tag. When a tag is deleted, GitLab does not trigger a stop action, therefore the cleanup job to remove the package does not run automatically, but can be run by manually resuming the CI pipeline.

If a push is made to a branch triggering a branch pipeline, and a merge request is opened while the branch pipeline is still running, the branch pipeline is canceled, and a new merge request pipeline runs on the branch, using it as its source branch. In this case, the branch pipeline annoyingly fails with error

The deployment job is older than the previously succeeded deployment job, and therefore cannot be run

instead of cancelling gracefully, even when the project is configured to auto-cancel redundant pipelines, skip outdated deployment jobs; and when interruptible: true is set for the build job. See the related open GitLab issue.

Edited by Kerem Güneş

Merge request reports