.gitlab-ci.d/container-template.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
When extending the container template to allow scheduled piplines in
upstream context, we must ensure that all the existing rules defined
by .base_job_template are preserved.
Fortunately since the new rule for scheduled pipelines can come at
the head of all other rules, not in the middle, we can just the obscure
'!reference' syntax to pull in all the pre-existing rules as a single
block.
This fixes
* stable branches using the wrong tag name in container images
* pushes to forks unconditionally running container builds
Fixes: 8bec7b9874235e60f14172618121c60fdbd39302
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
.gitlab-ci.d/container-template.yml | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.d/container-template.yml b/.gitlab-ci.d/container-template.yml
index b92e96b0fc..6eaa2f804d 100644
--- a/.gitlab-ci.d/container-template.yml
+++ b/.gitlab-ci.d/container-template.yml
@@ -23,6 +23,5 @@
- docker logout
rules:
# because we want to enable this for scheduled runs we also have to replicate the normal rules
- - if: '$CI_PIPELINE_SOURCE == "schedule"'
- - if: '$CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM && $CI_COMMIT_BRANCH =~ /^staging/'
- - if: '$QEMU_CI && $CI_PROJECT_NAMESPACE != $QEMU_CI_UPSTREAM'
+ - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM'
+ - !reference [.base_job_template, rules]
--
2.52.0
On 1/19/26 16:55, Daniel P. Berrangé wrote:
> When extending the container template to allow scheduled piplines in
> upstream context, we must ensure that all the existing rules defined
> by .base_job_template are preserved.
>
> Fortunately since the new rule for scheduled pipelines can come at
> the head of all other rules, not in the middle, we can just the obscure
> '!reference' syntax to pull in all the pre-existing rules as a single
> block.
>
> This fixes
>
> * stable branches using the wrong tag name in container images
> * pushes to forks unconditionally running container builds
I wont pretend I know what "!reference" means in yaml. But this
change seems to fix both issues, and does not look like it breaks
something.
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
> Fixes: 8bec7b9874235e60f14172618121c60fdbd39302
Fixes: 8bec7b987423 ("gitlab: add a weekly container building job")
Thanks!
/mjt
On Mon, Jan 19, 2026 at 11:28:58PM +0300, Michael Tokarev wrote: > On 1/19/26 16:55, Daniel P. Berrangé wrote: > > When extending the container template to allow scheduled piplines in > > upstream context, we must ensure that all the existing rules defined > > by .base_job_template are preserved. > > > > Fortunately since the new rule for scheduled pipelines can come at > > the head of all other rules, not in the middle, we can just the obscure > > '!reference' syntax to pull in all the pre-existing rules as a single > > block. > > > > This fixes > > > > * stable branches using the wrong tag name in container images > > * pushes to forks unconditionally running container builds > > I wont pretend I know what "!reference" means in yaml. But this > change seems to fix both issues, and does not look like it breaks > something. Think of it as a symlink to the "rules" definition in the ".base_job_template": https://docs.gitlab.com/ci/yaml/yaml_optimization/#reference-tags With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
© 2016 - 2026 Red Hat, Inc.