rewrite analyze jobs rules to simplify the conditions under which the
jobs appear and run
after these changes:
- to appear, all jobs must be selected (SELECTED_JOBS_ONLY), have token
(WTOKEN), and be in an allowed path (CI_PROJECT_PATH), this is specified in
.eclair-analysis
- the subcategories have their own exceptions, keeping current behavior:
- ECLAIR_SAFETY/ECLAIR_TESTING can force enable some
- eclair-testing jobs will not appear outside xen-project/people
This assumes we don't use pipeline sources other than push/api/schedule.
Signed-off-by: Victor Lira <victorm.lira@amd.com>
---
this preseves the current behavior of the -testing jobs running anywhere on
xen-project/people but maybe we want to limit it to whoever is doing the
testing, or in some other way
tested on my own repo xen-project/people/victormlira/xen
push https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541858231
push /eclair-x86_64-amd$|alpine-3.18-gcc$/ https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541859057
push /alpine-3.18-gcc$/ https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541859605
schedule https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541871689
schedule /eclair-x86_64-amd$|alpine-3.18-gcc$/ https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541875599
schudule /alpine-3.18-gcc$/ https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541876512
---
automation/gitlab-ci/analyze.yaml | 20 +++++++++-----------
1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/automation/gitlab-ci/analyze.yaml b/automation/gitlab-ci/analyze.yaml
index b3f99f472d..687af4d452 100644
--- a/automation/gitlab-ci/analyze.yaml
+++ b/automation/gitlab-ci/analyze.yaml
@@ -19,25 +19,25 @@
- '*.log'
- '*.json'
reports:
codequality: gl-code-quality-report.json
rules:
- - if: $WTOKEN == null
- when: never
- - when: always
+ - if: $CI_JOB_NAME =~ $SELECTED_JOBS_ONLY && $WTOKEN
+ && $CI_PROJECT_PATH =~ /^xen-project\/hardware\/.*$/
+ when: on_success
+ - if: $CI_JOB_NAME =~ $SELECTED_JOBS_ONLY && $WTOKEN
+ && $CI_PROJECT_PATH =~ /^xen-project\/people\/.*$/
+ when: manual
+ allow_failure: true
+
needs: []
.eclair-analysis:triggered:
extends: .eclair-analysis
rules:
- - if: $CI_PIPELINE_SOURCE == "schedule"
+ - if: $CI_PIPELINE_SOURCE != "push" && $CI_PIPELINE_SOURCE != "api"
when: never
- - if: $CI_JOB_NAME !~ $SELECTED_JOBS_ONLY
- when: never
- - if: $WTOKEN && $CI_PROJECT_PATH =~ /^xen-project\/people\/.*$/
- when: manual
- allow_failure: true
- !reference [.eclair-analysis, rules]
eclair-x86_64-allcode:
extends: .eclair-analysis:triggered
variables:
@@ -218,12 +218,10 @@ eclair-ARM64-amd:
.eclair-analysis:on-schedule:
extends: .eclair-analysis
rules:
- if: $CI_PIPELINE_SOURCE != "schedule"
when: never
- - if: $CI_JOB_NAME !~ $SELECTED_JOBS_ONLY
- when: never
- !reference [.eclair-analysis, rules]
eclair-x86_64-allrules:on-schedule:
extends: .eclair-analysis:on-schedule
variables:
--
2.54.0On 20/05/2026 11:58 pm, Victor Lira wrote: > rewrite analyze jobs rules to simplify the conditions under which the > jobs appear and run > > after these changes: > - to appear, all jobs must be selected (SELECTED_JOBS_ONLY), have token > (WTOKEN), and be in an allowed path (CI_PROJECT_PATH), this is specified in > .eclair-analysis > - the subcategories have their own exceptions, keeping current behavior: > - ECLAIR_SAFETY/ECLAIR_TESTING can force enable some > - eclair-testing jobs will not appear outside xen-project/people > > This assumes we don't use pipeline sources other than push/api/schedule. > > Signed-off-by: Victor Lira <victorm.lira@amd.com> > --- > this preseves the current behavior of the -testing jobs running anywhere on > xen-project/people but maybe we want to limit it to whoever is doing the > testing, or in some other way > > tested on my own repo xen-project/people/victormlira/xen > > push https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541858231 > push /eclair-x86_64-amd$|alpine-3.18-gcc$/ https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541859057 > push /alpine-3.18-gcc$/ https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541859605 > schedule https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541871689 > schedule /eclair-x86_64-amd$|alpine-3.18-gcc$/ https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541875599 > schudule /alpine-3.18-gcc$/ https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541876512 I'm afraid this still doesn't work. I pushed with ci.variable=SELECTED_JOBS_ONLY="/eclair-x86_64-allcode/" and still got the eclair-*-amd jobs started. https://gitlab.com/xen-project/hardware/xen-staging/-/pipelines/2545988798 ~Andrew
On 2026-05-22 12:20, Andrew Cooper wrote:
> On 20/05/2026 11:58 pm, Victor Lira wrote:
>> rewrite analyze jobs rules to simplify the conditions under which the
>> jobs appear and run
>>
>> after these changes:
>> - to appear, all jobs must be selected (SELECTED_JOBS_ONLY), have
>> token
>> (WTOKEN), and be in an allowed path (CI_PROJECT_PATH), this is
>> specified in
>> .eclair-analysis
>> - the subcategories have their own exceptions, keeping current
>> behavior:
>> - ECLAIR_SAFETY/ECLAIR_TESTING can force enable some
>> - eclair-testing jobs will not appear outside xen-project/people
>>
>> This assumes we don't use pipeline sources other than
>> push/api/schedule.
>>
>> Signed-off-by: Victor Lira <victorm.lira@amd.com>
>> ---
>> this preseves the current behavior of the -testing jobs running
>> anywhere on
>> xen-project/people but maybe we want to limit it to whoever is doing
>> the
>> testing, or in some other way
>>
>> tested on my own repo xen-project/people/victormlira/xen
>>
>> push
>> https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541858231
>> push /eclair-x86_64-amd$|alpine-3.18-gcc$/
>> https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541859057
>> push /alpine-3.18-gcc$/
>> https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541859605
>> schedule
>> https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541871689
>> schedule /eclair-x86_64-amd$|alpine-3.18-gcc$/
>> https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541875599
>> schudule /alpine-3.18-gcc$/
>> https://gitlab.com/xen-project/people/victormlira/xen/-/pipelines/2541876512
>
> I'm afraid this still doesn't work.
>
> I pushed with ci.variable=SELECTED_JOBS_ONLY="/eclair-x86_64-allcode/"
> and still got the eclair-*-amd jobs started.
>
> https://gitlab.com/xen-project/hardware/xen-staging/-/pipelines/2545988798
>
> ~Andrew
Perhaps it's because the runner is marked as a safety runner?
rules:
- if: $ECLAIR_SAFETY
when: always
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
On Fri, May 22, 2026 at 12:32:33PM +0200, Nicola Vetrini wrote: > On 2026-05-22 12:20, Andrew Cooper wrote: > > I'm afraid this still doesn't work. > > > > I pushed with ci.variable=SELECTED_JOBS_ONLY="/eclair-x86_64-allcode/" > > and still got the eclair-*-amd jobs started. > > > > https://gitlab.com/xen-project/hardware/xen-staging/-/pipelines/2545988798 > > Perhaps it's because the runner is marked as a safety runner? > > rules: > - if: $ECLAIR_SAFETY > when: always The variable isn't set in the runner (runners variable wouldn't be taken into account here anyway). The variable is set for the group "xen-project/hardware", so for every repo under it. Cheers, -- Anthony Perard | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech
© 2016 - 2026 Red Hat, Inc.