Avoid creating rules that generate double pipelines
Description
This policy checks for the creation of rules in GitLab CI configurations that can generate double pipelines. Double pipelines can occur when multiple rules are defined with conditions that can be triggered simultaneously, leading to unnecessary pipeline runs and potential resource waste. It's essential to avoid such configurations to optimize pipeline execution and reduce the risk of errors or inconsistencies. By identifying and fixing these rules, developers can improve the efficiency and reliability of their CI/CD workflows.
Code Example
```yaml
rules:
  - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    when: on_success
  - if: '$CI_PIPELINE_SOURCE == "push"'
    when: on_success
```
Remediation
Ensure that rules are defined with mutually exclusive conditions to prevent double pipelines. This can be achieved by carefully reviewing the 'if' conditions in each rule and modifying them to avoid overlaps.
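One way to make the conditions mutually exclusive, shown as an added example that is not part of the original policy page: a `workflow:rules` block that uses GitLab's predefined `$CI_OPEN_MERGE_REQUESTS` variable to skip the branch pipeline when the branch already has an open merge request. The job name and script are placeholders.

```yaml
# Added example; the job name and script are placeholders.
workflow:
  rules:
    # Merge request events get a merge request pipeline.
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    # The branch already has an open merge request: skip the branch
    # pipeline so the same commit is not built twice.
    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
      when: never
    # Any other branch commit gets a normal branch pipeline.
    - if: '$CI_COMMIT_BRANCH'
    # Tag pipelines match none of these rules and do not run;
    # add a '$CI_COMMIT_TAG' rule if they are needed.

test-job:
  script:
    - echo "run tests"
```

Rule order matters here: GitLab evaluates rules top to bottom and stops at the first match, so the `when: never` rule must come before the general branch rule.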
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1067 |
| Severity | MEDIUM |
| IaC Type | gitlab_ci |
| Frameworks | *.rules |
| Checkov ID | CKV_GITLABCI_2 |