From 4bfc189475a3454ed7f0a4dd9c227034e72ec779 Mon Sep 17 00:00:00 2001 From: Matthew Borden Date: Fri, 13 Sep 2024 17:09:31 +1000 Subject: [PATCH 01/15] Conditionals for Rules --- pages/pipelines/rules.md | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index 708719e3f7..a486a4de60 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -30,7 +30,11 @@ This rule type allows one pipeline to trigger another, where: "rule": "pipeline.trigger_build.pipeline", "value": { "source_pipeline": "pipeline-uuid-or-slug", - "target_pipeline": "pipeline-uuid-or-slug" + "target_pipeline": "pipeline-uuid-or-slug", + "conditions": [ + "source.build.branch == 'main'", + "source.build.commit == target.trigger.commit" + ] } } ``` @@ -40,6 +44,24 @@ where: - `source_pipeline` is the UUID or slug of the pipeline that's allowed to trigger another pipeline. - `target_pipeline` is the UUID or slug of the pipeline that can be triggered by the `source_pipeline` pipeline. +The optional `conditions` field allows you to specify an array of [conditionals](/docs/pipelines/conditionals) that must be met for the trigger to be allowed. In the example above, the rule would only apply if the source pipeline's build branch is `main` and the commit of the source pipeline's build matches the target pipeline's trigger build commit. If no conditions are specified, the trigger is allowed in all cases between the source and target pipelines. If multiple conditions are specified, all conditions must be met for the trigger to be allowed. + +Conditions are optional for this rule and can be used to restrict when a trigger is allowed. The conditions are evaluated using the [Buildkite conditionals syntax](/docs/pipelines/conditionals). If the conditions are not met, the trigger is now allowed (even if the default permissions would have allowed it). If no conditions are specified, triggering is allowed between the source and target pipelines in all cases (on all branches and commits, all authors etc). + +In the `pipeline.trigger_build.pipeline` rule the available variables for conditions are: + +- `source.build` - the triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). + - `source.build.branch` - the branch of the source pipeline that the trigger step is targeting. + - `source.build.commit` - the commit of the source pipeline that the trigger step is targeting. + - `source.build.message` - the commit message of the source pipeline that the trigger step is targeting. + - `source.build.author` - the author of the commit of the source pipeline that the trigger step is targeting. + - `source.build.creator` - the creator of the build in the source pipeline. + +- `target.trigger.branch` - the branch of the target pipeline that the trigger step is targeting. +- `target.trigger.commit` - the commit of the target pipeline that the trigger step is targeting. +- `target.trigger.message` - the commit message of the target pipeline that the trigger step is targeting. + + Learn more about creating rules in [Manage rules](/docs/pipelines/rules/manage). #### Example use case: cross-cluster pipeline triggering @@ -72,8 +94,6 @@ where: - `source_pipeline` is the UUID or slug of the pipeline that's allowed to access the artifacts from another pipeline. - `target_pipeline` is the UUID or slug of the pipeline whose artifacts can be accessed by jobs in the `source_pipeline` pipeline. -Learn more about creating rules in [Manage rules](/docs/pipelines/rules/manage). - #### Example use case: sharing assets between clusters Artifacts are not accessible between pipelines across different clusters. For example, a deployment pipeline in cluster B cannot ordinarily access artifacts uploaded by a CI pipeline in cluster A. From 1e1c97eeb93a2d44f63135b4f4eaea9173ac8cb1 Mon Sep 17 00:00:00 2001 From: Matthew Borden Date: Tue, 24 Sep 2024 11:36:12 +1000 Subject: [PATCH 02/15] Add link to conditionals build docs --- pages/pipelines/rules.md | 12 +++++------- vendor/emojis | 2 +- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index a486a4de60..717fca41b9 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -50,13 +50,11 @@ Conditions are optional for this rule and can be used to restrict when a trigger In the `pipeline.trigger_build.pipeline` rule the available variables for conditions are: -- `source.build` - the triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). - - `source.build.branch` - the branch of the source pipeline that the trigger step is targeting. - - `source.build.commit` - the commit of the source pipeline that the trigger step is targeting. - - `source.build.message` - the commit message of the source pipeline that the trigger step is targeting. - - `source.build.author` - the author of the commit of the source pipeline that the trigger step is targeting. - - `source.build.creator` - the creator of the build in the source pipeline. - + - `source.build.*` - the triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). + Example variables include: + - `source.build.branch` - the branch of the source pipeline that the trigger step is targeting. + - `source.build.commit` - the commit of the source pipeline that the trigger step is targeting. + - `source.build.message` - the commit message of the source pipeline that the trigger step is targeting. - `target.trigger.branch` - the branch of the target pipeline that the trigger step is targeting. - `target.trigger.commit` - the commit of the target pipeline that the trigger step is targeting. - `target.trigger.message` - the commit message of the target pipeline that the trigger step is targeting. diff --git a/vendor/emojis b/vendor/emojis index f113dde655..e0341903bb 160000 --- a/vendor/emojis +++ b/vendor/emojis @@ -1 +1 @@ -Subproject commit f113dde655aaba3d45515686215485cfeb3cb182 +Subproject commit e0341903bbca03eb66c7edeaab47818b1f7ee842 From 94155f69f86d7dce56a15f176a848d60baf2c5b6 Mon Sep 17 00:00:00 2001 From: Matthew Borden Date: Tue, 24 Sep 2024 12:01:16 +1000 Subject: [PATCH 03/15] Undo submodules --- vendor/emojis | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vendor/emojis b/vendor/emojis index e0341903bb..f113dde655 160000 --- a/vendor/emojis +++ b/vendor/emojis @@ -1 +1 @@ -Subproject commit e0341903bbca03eb66c7edeaab47818b1f7ee842 +Subproject commit f113dde655aaba3d45515686215485cfeb3cb182 From 408914d02e92aa59c57bf21255cfce38f24bb1a0 Mon Sep 17 00:00:00 2001 From: Matthew Borden Date: Tue, 24 Sep 2024 12:38:34 +1000 Subject: [PATCH 04/15] Fix list syntax --- pages/pipelines/rules.md | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index 717fca41b9..dd0c8540a7 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -43,18 +43,19 @@ where: - `source_pipeline` is the UUID or slug of the pipeline that's allowed to trigger another pipeline. - `target_pipeline` is the UUID or slug of the pipeline that can be triggered by the `source_pipeline` pipeline. +- `conditions` is an optional array of [conditionals](/docs/pipelines/conditionals) that must be met for the trigger to be allowed. -The optional `conditions` field allows you to specify an array of [conditionals](/docs/pipelines/conditionals) that must be met for the trigger to be allowed. In the example above, the rule would only apply if the source pipeline's build branch is `main` and the commit of the source pipeline's build matches the target pipeline's trigger build commit. If no conditions are specified, the trigger is allowed in all cases between the source and target pipelines. If multiple conditions are specified, all conditions must be met for the trigger to be allowed. +#### Conditions -Conditions are optional for this rule and can be used to restrict when a trigger is allowed. The conditions are evaluated using the [Buildkite conditionals syntax](/docs/pipelines/conditionals). If the conditions are not met, the trigger is now allowed (even if the default permissions would have allowed it). If no conditions are specified, triggering is allowed between the source and target pipelines in all cases (on all branches and commits, all authors etc). +The optional `conditions` field allows you to specify an array of [conditionals](/docs/pipelines/conditionals) that must be met for the trigger to be allowed. In the example above, the rule would only apply if the source pipeline's build branch is `main` and the commit of the source pipeline's build matches the target pipeline's trigger build commit. If no conditions are specified, the trigger is allowed in all cases between the source and target pipelines. If the conditions are not met, the trigger is not allowed (even if the default permissions would have allowed it). If multiple conditions are specified, all conditions must be met for the trigger to be allowed. The conditions are evaluated using the [Buildkite conditionals syntax](/docs/pipelines/conditionals). In the `pipeline.trigger_build.pipeline` rule the available variables for conditions are: - - `source.build.*` - the triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). - Example variables include: - - `source.build.branch` - the branch of the source pipeline that the trigger step is targeting. - - `source.build.commit` - the commit of the source pipeline that the trigger step is targeting. - - `source.build.message` - the commit message of the source pipeline that the trigger step is targeting. +- `source.build.*` - the triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). + Example variables include: + + `source.build.branch` - the branch of the source pipeline that the trigger step is targeting. + + `source.build.commit` - the commit of the source pipeline that the trigger step is targeting. + + `source.build.message` - the commit message of the source pipeline that the trigger step is targeting. - `target.trigger.branch` - the branch of the target pipeline that the trigger step is targeting. - `target.trigger.commit` - the commit of the target pipeline that the trigger step is targeting. - `target.trigger.message` - the commit message of the target pipeline that the trigger step is targeting. @@ -82,7 +83,10 @@ This rule type allows one pipeline to access (that is, with read-only permission "rule": "pipeline.artifacts_read.pipeline", "value": { "source_pipeline": "pipeline-uuid-or-slug", - "target_pipeline": "pipeline-uuid-or-slug" + "target_pipeline": "pipeline-uuid-or-slug", + "conditions": [ + "source.build.branch == target.build.branch", + ] } } ``` @@ -91,6 +95,16 @@ where: - `source_pipeline` is the UUID or slug of the pipeline that's allowed to access the artifacts from another pipeline. - `target_pipeline` is the UUID or slug of the pipeline whose artifacts can be accessed by jobs in the `source_pipeline` pipeline. +- `conditions` is an optional array of [conditionals](/docs/pipelines/conditionals) that must be met for the access to be allowed. + +#### Conditions + +The optional `conditions` field allows you to specify an array of [conditionals](/docs/pipelines/conditionals) that must be met for artifact access to be allowed. In the example above, the rule would only apply if the source pipeline's build branch matches the target pipeline's build branch. If no conditions are specified, the access is allowed in all cases between the source and target pipelines. If the conditions are not met, the access is not allowed (even if the default permissions would have allowed it). If multiple conditions are specified, all conditions must be met for the access to be allowed. The conditions are evaluated using the [Buildkite conditionals syntax](/docs/pipelines/conditionals). + +In the `pipeline.read_artifacts.pipeline` rule the available variables for conditions are: +- `source.build.*` - the build in the source pipeline that is accessing the artifacts. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). +- `target.build.*` - the build in the target pipeline that the artifacts are being accessed from. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). +- `source.request.query` - the query for artifacts. See [Searching artifacts](https://buildkite.com/docs/agent/v3/cli-artifact#searching-artifacts) for more information on the query syntax. #### Example use case: sharing assets between clusters From d8e186bd7d71e0bd80db3df6cf0a6dd0885bfe08 Mon Sep 17 00:00:00 2001 From: Matthew Borden Date: Tue, 24 Sep 2024 12:45:54 +1000 Subject: [PATCH 05/15] Add clarification on the artifacts query --- pages/pipelines/rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index dd0c8540a7..5b5490a8ee 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -104,7 +104,7 @@ The optional `conditions` field allows you to specify an array of [conditionals] In the `pipeline.read_artifacts.pipeline` rule the available variables for conditions are: - `source.build.*` - the build in the source pipeline that is accessing the artifacts. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). - `target.build.*` - the build in the target pipeline that the artifacts are being accessed from. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). -- `source.request.query` - the query for artifacts. See [Searching artifacts](https://buildkite.com/docs/agent/v3/cli-artifact#searching-artifacts) for more information on the query syntax. +- `source.request.query` - the query used to search for artifacts in the target build. See [Searching artifacts](https://buildkite.com/docs/agent/v3/cli-artifact#searching-artifacts) for more information on the query syntax. #### Example use case: sharing assets between clusters From fe0644ba8e6b7eff5dc487453b9fe736dd320cb4 Mon Sep 17 00:00:00 2001 From: Matthew Borden Date: Tue, 24 Sep 2024 12:47:34 +1000 Subject: [PATCH 06/15] Conditions shown in error messages --- pages/pipelines/rules.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index 5b5490a8ee..d981365249 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -60,6 +60,7 @@ In the `pipeline.trigger_build.pipeline` rule the available variables for condit - `target.trigger.commit` - the commit of the target pipeline that the trigger step is targeting. - `target.trigger.message` - the commit message of the target pipeline that the trigger step is targeting. +Note: Conditions are shown in error messages when access is denied. Learn more about creating rules in [Manage rules](/docs/pipelines/rules/manage). @@ -106,6 +107,8 @@ In the `pipeline.read_artifacts.pipeline` rule the available variables for condi - `target.build.*` - the build in the target pipeline that the artifacts are being accessed from. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). - `source.request.query` - the query used to search for artifacts in the target build. See [Searching artifacts](https://buildkite.com/docs/agent/v3/cli-artifact#searching-artifacts) for more information on the query syntax. +Note: Conditions are shown in error messages when access is denied. + #### Example use case: sharing assets between clusters Artifacts are not accessible between pipelines across different clusters. For example, a deployment pipeline in cluster B cannot ordinarily access artifacts uploaded by a CI pipeline in cluster A. From f446a7b5e9e5eb4e53a9de829828d25f95ca3c7e Mon Sep 17 00:00:00 2001 From: Matthew Borden Date: Tue, 24 Sep 2024 13:15:50 +1000 Subject: [PATCH 07/15] Formatting --- pages/pipelines/rules.md | 1 + 1 file changed, 1 insertion(+) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index d981365249..d2faa3b1d2 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -103,6 +103,7 @@ where: The optional `conditions` field allows you to specify an array of [conditionals](/docs/pipelines/conditionals) that must be met for artifact access to be allowed. In the example above, the rule would only apply if the source pipeline's build branch matches the target pipeline's build branch. If no conditions are specified, the access is allowed in all cases between the source and target pipelines. If the conditions are not met, the access is not allowed (even if the default permissions would have allowed it). If multiple conditions are specified, all conditions must be met for the access to be allowed. The conditions are evaluated using the [Buildkite conditionals syntax](/docs/pipelines/conditionals). In the `pipeline.read_artifacts.pipeline` rule the available variables for conditions are: + - `source.build.*` - the build in the source pipeline that is accessing the artifacts. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). - `target.build.*` - the build in the target pipeline that the artifacts are being accessed from. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). - `source.request.query` - the query used to search for artifacts in the target build. See [Searching artifacts](https://buildkite.com/docs/agent/v3/cli-artifact#searching-artifacts) for more information on the query syntax. From ffdb94ec11c8cadfc9d10b1251e8af9999c9da80 Mon Sep 17 00:00:00 2001 From: Matthew Borden Date: Tue, 24 Sep 2024 20:34:09 +1000 Subject: [PATCH 08/15] Use tables instead --- pages/pipelines/rules.md | 79 ++++++++++++++++++++++++++++++++++------ 1 file changed, 68 insertions(+), 11 deletions(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index d2faa3b1d2..2b1d9a4430 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -51,14 +51,38 @@ The optional `conditions` field allows you to specify an array of [conditionals] In the `pipeline.trigger_build.pipeline` rule the available variables for conditions are: -- `source.build.*` - the triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). - Example variables include: - + `source.build.branch` - the branch of the source pipeline that the trigger step is targeting. - + `source.build.commit` - the commit of the source pipeline that the trigger step is targeting. - + `source.build.message` - the commit message of the source pipeline that the trigger step is targeting. -- `target.trigger.branch` - the branch of the target pipeline that the trigger step is targeting. -- `target.trigger.commit` - the commit of the target pipeline that the trigger step is targeting. -- `target.trigger.message` - the commit message of the target pipeline that the trigger step is targeting. + + + + + + + + + + + + + + + + + + + + + + + +
source.build.*Build +

The triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables).

+

Example variables available:

+
    +
  • source.build.branch - the branch of the source pipeline that the trigger step is targeting.
    • +
  • source.build.commit - the commit of the source pipeline that the trigger step is targeting.
    • +
  • source.build.message - the commit message of the source pipeline that the trigger step is targeting.
    • +
+
source.target.branchStringThe branch of the target pipeline that the trigger step is targeting.
source.target.commitStringThe commit of the target pipeline that the trigger step is targeting.
source.target.messageStringThe commit message of the target pipeline that the trigger step is targeting.
Note: Conditions are shown in error messages when access is denied. @@ -104,9 +128,42 @@ The optional `conditions` field allows you to specify an array of [conditionals] In the `pipeline.read_artifacts.pipeline` rule the available variables for conditions are: -- `source.build.*` - the build in the source pipeline that is accessing the artifacts. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). -- `target.build.*` - the build in the target pipeline that the artifacts are being accessed from. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables). -- `source.request.query` - the query used to search for artifacts in the target build. See [Searching artifacts](https://buildkite.com/docs/agent/v3/cli-artifact#searching-artifacts) for more information on the query syntax. + + + + + + + + + + + + + + + + + + + +
source.build.*Build +

The build in the source pipeline that is accessing the artifacts. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables).

+

Example variables available:

+
    +
  • source.build.branch - the branch of the source pipeline that is accessing the artifacts.
    • +
  • source.build.commit - the commit of the source pipeline that is accessing the artifacts.
    • +
  • source.build.message - the commit message of the source pipeline that is accessing the artifacts.
    • +
+
target.build.*Build +

The build in the target pipeline that the artifacts are being accessed from. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables).

+

Example variables available:

+
    +
  • target.build.branch - the branch of the target pipeline that the artifacts are being accessed from.
    • +
  • target.build.commit - the commit of the target pipeline that the artifacts are being accessed from.
    • +
  • target.build.message - the commit message of the target pipeline that the artifacts are being accessed from.
    • +
+
source.request.queryStringThe query used to search for artifacts in the target build. See [Searching artifacts](https://buildkite.com/docs/agent/v3/cli-artifact#searching-artifacts) for more information on the query syntax.
Note: Conditions are shown in error messages when access is denied. From 232ae208ac04c2155942b4ef61abf575aeb78049 Mon Sep 17 00:00:00 2001 From: Matthew Borden Date: Thu, 26 Sep 2024 12:16:43 +1000 Subject: [PATCH 09/15] Formatting --- pages/pipelines/rules.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index 2b1d9a4430..9b983950c2 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -57,7 +57,7 @@ In the `pipeline.trigger_build.pipeline` rule the available variables for condit source.build.* Build -

The triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables).

+

The triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a build

Example variables available:

  • source.build.branch - the branch of the source pipeline that the trigger step is targeting.
    • @@ -129,13 +129,13 @@ The optional `conditions` field allows you to specify an array of [conditionals] In the `pipeline.read_artifacts.pipeline` rule the available variables for conditions are: - +
    source.build.* Build -

    The build in the source pipeline that is accessing the artifacts. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables).

    +

    The build in the source pipeline that is accessing the artifacts. This includes all the variables available for a build.

    Example variables available:

    • source.build.branch - the branch of the source pipeline that is accessing the artifacts.
      • @@ -148,7 +148,7 @@ In the `pipeline.read_artifacts.pipeline` rule the available variables for condi
    		target.build.* Build -

    The build in the target pipeline that the artifacts are being accessed from. This includes all the variables available for a [build](/docs/pipelines/conditionals#variable-and-syntax-reference-variables).

    +

    The build in the target pipeline that the artifacts are being accessed from. This includes all the variables available for a build.

    Example variables available:

    • target.build.branch - the branch of the target pipeline that the artifacts are being accessed from.
      • From e2d6d543c289ed37ffd677d8b0096eb519fd96df Mon Sep 17 00:00:00 2001 From: Matthew Borden Date: Thu, 26 Sep 2024 15:43:56 +1000 Subject: [PATCH 10/15] Formatting --- pages/pipelines/rules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index 9b983950c2..0ceacc14fb 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -51,7 +51,7 @@ The optional `conditions` field allows you to specify an array of [conditionals] In the `pipeline.trigger_build.pipeline` rule the available variables for conditions are: - +
      From 92006112c04616a8532931fb8eee1ad9f9501487 Mon Sep 17 00:00:00 2001 From: James Sammut Date: Thu, 10 Oct 2024 11:17:31 +1100 Subject: [PATCH 11/15] Table formatting --- pages/pipelines/rules.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index 0ceacc14fb..0d785f0753 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -53,19 +53,19 @@ In the `pipeline.trigger_build.pipeline` rule the available variables for condit
      source.build.*
      - - - - + + + - + From 9ba1de0a091905d4f6ce8b99c73f3a98701e06e6 Mon Sep 17 00:00:00 2001 From: James Sammut Date: Thu, 10 Oct 2024 11:20:03 +1100 Subject: [PATCH 12/15] And more formatting --- pages/pipelines/rules.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index 0d785f0753..501430af61 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -54,16 +54,16 @@ In the `pipeline.trigger_build.pipeline` rule the available variables for condit
      source.build.*Build +
      source.build.*Build

      The triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a build

      Example variables available:

        -
      • source.build.branch - the branch of the source pipeline that the trigger step is targeting.
        • +
      • source.build.branch - the branch of the source pipeline that the trigger step is targeting.
      • source.build.commit - the commit of the source pipeline that the trigger step is targeting.
      • source.build.message - the commit message of the source pipeline that the trigger step is targeting.
        • -
      +
      source.target.branch String
      - - - + + From ca6696ba1d23feefa28ab64142471f8ce24ece59 Mon Sep 17 00:00:00 2001 From: James Sammut <70425486+james2791@users.noreply.github.com> Date: Thu, 10 Oct 2024 14:54:56 +1100 Subject: [PATCH 13/15] Updated spacing (headers) for trigger build conditions table Co-authored-by: Giles Gas --- pages/pipelines/rules.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index 501430af61..dadf823cb5 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -51,7 +51,14 @@ The optional `conditions` field allows you to specify an array of [conditionals] In the `pipeline.trigger_build.pipeline` rule the available variables for conditions are: -
      source.build.*Build + source.build.*Build

      The triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a build

      Example variables available:

        -
      • source.build.branch - the branch of the source pipeline that the trigger step is targeting.
        • +
      • source.build.branch - the branch of the source pipeline that the trigger step is targeting.
      • source.build.commit - the commit of the source pipeline that the trigger step is targeting.
      • source.build.message - the commit message of the source pipeline that the trigger step is targeting.
        • -
      +
      +
      + + + + + + + From c883eebe212a7c80dd60271eabc720417ffbadcb Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Thu, 10 Oct 2024 15:02:50 +1100 Subject: [PATCH 14/15] Wording tweaks for rule conditionals. --- pages/pipelines/rules.md | 35 +++++++++++++++++++++++------------ 1 file changed, 23 insertions(+), 12 deletions(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index 501430af61..81503408ab 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -21,7 +21,8 @@ This rule type allows one pipeline to trigger another, where: - Both pipelines are in the same or different [clusters](/docs/clusters/overview). - One pipeline is public and another is private. -**Note:** This rule type overrides the usual [trigger step permissions checks](/docs/pipelines/trigger-step#permissions) on users and teams. +> 📘 +> This rule type overrides the usual [trigger step permissions checks](/docs/pipelines/trigger-step#permissions) on users and teams. **Rule Document** format: @@ -42,12 +43,12 @@ This rule type allows one pipeline to trigger another, where: where: - `source_pipeline` is the UUID or slug of the pipeline that's allowed to trigger another pipeline. -- `target_pipeline` is the UUID or slug of the pipeline that can be triggered by the `source_pipeline` pipeline. -- `conditions` is an optional array of [conditionals](/docs/pipelines/conditionals) that must be met for the trigger to be allowed. +- `target_pipeline` is the UUID or slug of the pipeline that can be triggered by the `source_pipeline`'s pipeline. +- `conditions` is an optional array of [conditionals](/docs/pipelines/conditionals) that must be met to allow the `source_pipeline`'s pipeline to trigger the `target_pipeline`'s pipeline. #### Conditions -The optional `conditions` field allows you to specify an array of [conditionals](/docs/pipelines/conditionals) that must be met for the trigger to be allowed. In the example above, the rule would only apply if the source pipeline's build branch is `main` and the commit of the source pipeline's build matches the target pipeline's trigger build commit. If no conditions are specified, the trigger is allowed in all cases between the source and target pipelines. If the conditions are not met, the trigger is not allowed (even if the default permissions would have allowed it). If multiple conditions are specified, all conditions must be met for the trigger to be allowed. The conditions are evaluated using the [Buildkite conditionals syntax](/docs/pipelines/conditionals). +The optional `conditions` field allows you to specify an array of [conditionals](/docs/pipelines/conditionals) that must be met for the source pipeline (`source_pipeline`) to trigger the target pipeline (`target_pipeline`). In the example above, the rule would only allow triggering if the source pipeline's build branch is `main` and the commit of the source pipeline's build matches that of the target pipeline's trigger build. If no conditions are specified, triggering is allowed in all cases between the source and target pipelines. If _any_ of the conditions _are not_ met, triggering is not allowed, even if the default permissions would have allowed triggering. The conditions are evaluated using the [Buildkite conditionals syntax](/docs/pipelines/conditionals#variable-and-syntax-reference). In the `pipeline.trigger_build.pipeline` rule the available variables for conditions are: @@ -57,7 +58,7 @@ In the `pipeline.trigger_build.pipeline` rule the available variables for condit
      VariableTypeDescription
      source.build.*source.build.* Build -

      The triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a build

      +

      The triggering build in the source pipeline (contains the trigger step). This includes all the variables available for a build.

      Example variables available:

      • source.build.branch - the branch of the source pipeline that the trigger step is targeting.
        • @@ -84,7 +85,8 @@ In the `pipeline.trigger_build.pipeline` rule the available variables for condit
      -Note: Conditions are shown in error messages when access is denied. +> 📘 +> Conditions are shown in error messages when access is denied. Learn more about creating rules in [Manage rules](/docs/pipelines/rules/manage). @@ -120,16 +122,22 @@ where: - `source_pipeline` is the UUID or slug of the pipeline that's allowed to access the artifacts from another pipeline. - `target_pipeline` is the UUID or slug of the pipeline whose artifacts can be accessed by jobs in the `source_pipeline` pipeline. -- `conditions` is an optional array of [conditionals](/docs/pipelines/conditionals) that must be met for the access to be allowed. +- `conditions` is an optional array of [conditionals](/docs/pipelines/conditionals) that must be met to allow the jobs of the `source_pipeline`'s pipeline to access the artifacts of the `target_pipeline`'s pipeline. #### Conditions -The optional `conditions` field allows you to specify an array of [conditionals](/docs/pipelines/conditionals) that must be met for artifact access to be allowed. In the example above, the rule would only apply if the source pipeline's build branch matches the target pipeline's build branch. If no conditions are specified, the access is allowed in all cases between the source and target pipelines. If the conditions are not met, the access is not allowed (even if the default permissions would have allowed it). If multiple conditions are specified, all conditions must be met for the access to be allowed. The conditions are evaluated using the [Buildkite conditionals syntax](/docs/pipelines/conditionals). +The optional `conditions` field allows you to specify an array of [conditionals](/docs/pipelines/conditionals) that must be met for jobs of the source pipeline (`source_pipeline`) to access artifacts built by the target pipeline (`target_pipeline`). In the example above, the rule would only allow artifact access if the source pipeline's build branch matches the target pipeline's build branch. If no conditions are specified, artifact access is allowed in all cases between the source and target pipelines. If _any_ of the conditions _are not_ met, artifact access is not allowed, even if the default permissions would have allowed triggering. The conditions are evaluated using the [Buildkite conditionals syntax](/docs/pipelines/conditionals#variable-and-syntax-reference). In the `pipeline.read_artifacts.pipeline` rule the available variables for conditions are: - - +
      + + + + + + + @@ -160,12 +168,15 @@ In the `pipeline.read_artifacts.pipeline` rule the available variables for condi - +
      VariableTypeDescription
      source.build.*
      source.request.query StringThe query used to search for artifacts in the target build. See [Searching artifacts](https://buildkite.com/docs/agent/v3/cli-artifact#searching-artifacts) for more information on the query syntax.The query used to search for artifacts in the target build. See Searching artifacts for more information on the query syntax.
      -Note: Conditions are shown in error messages when access is denied. +> 📘 +> Conditions are shown in error messages when access is denied. + +Learn more about creating rules in [Manage rules](/docs/pipelines/rules/manage). #### Example use case: sharing assets between clusters From 7dd7e26da8cb07c61a4faa6d8109bff33d380bc8 Mon Sep 17 00:00:00 2001 From: Giles Gaskell Date: Thu, 10 Oct 2024 15:20:21 +1100 Subject: [PATCH 15/15] Tie syntax to their respective 'conditions' sections. --- pages/pipelines/rules.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pages/pipelines/rules.md b/pages/pipelines/rules.md index ef57bc7344..f391d45a51 100644 --- a/pages/pipelines/rules.md +++ b/pages/pipelines/rules.md @@ -44,7 +44,9 @@ where: - `source_pipeline` is the UUID or slug of the pipeline that's allowed to trigger another pipeline. - `target_pipeline` is the UUID or slug of the pipeline that can be triggered by the `source_pipeline`'s pipeline. -- `conditions` is an optional array of [conditionals](/docs/pipelines/conditionals) that must be met to allow the `source_pipeline`'s pipeline to trigger the `target_pipeline`'s pipeline. +- `conditions` is an optional array of [conditionals](/docs/pipelines/conditionals) that must be met to allow the `source_pipeline`'s pipeline to trigger the `target_pipeline`'s pipeline. Learn more about this in the following [Conditions](#conditions-trigger) section. + + #### Conditions @@ -129,7 +131,9 @@ where: - `source_pipeline` is the UUID or slug of the pipeline that's allowed to access the artifacts from another pipeline. - `target_pipeline` is the UUID or slug of the pipeline whose artifacts can be accessed by jobs in the `source_pipeline` pipeline. -- `conditions` is an optional array of [conditionals](/docs/pipelines/conditionals) that must be met to allow the jobs of the `source_pipeline`'s pipeline to access the artifacts of the `target_pipeline`'s pipeline. +- `conditions` is an optional array of [conditionals](/docs/pipelines/conditionals) that must be met to allow the jobs of the `source_pipeline`'s pipeline to access the artifacts of the `target_pipeline`'s pipeline. Learn more about this in the following [Conditions](#conditions-artifacts) section. + + #### Conditions