gitlab-ci-local icon indicating copy to clipboard operation
gitlab-ci-local copied to clipboard
verified publisher icon firecow

Regex issue in if: clause

Open Marakai opened this issue 1 month ago • 10 comments

Minimal .gitlab-ci.yml illustrating the issue

---
stages:
  - test

quoted-literal-rule:
  stage: test
  rules:
    - if: '"feature/JIRA-1234-something-broken" =~ /^renovate\/'
      when: always
  script:
    - echo "this job should never run on feature branches"

quoted-branch-rule:
  stage: test
  rules:
    - if: '"%{CI_COMMIT_BRANCH}" =~ /^renovate\/'
      when: always
  script:
    - echo "this job should only run for renovate/* branches"

Sample setup

Quick & dirty repo setup - intended to be copy-pasteable:

mkdir ~/gcl-re2-repro
cd ~/gcl-re2-repro

git init -q

echo "re2 repro" > README.md

cat > .gitlab-ci.yml <<'EOF'
stages:
  - test

quoted-literal-rule:
  stage: test
  rules:
    - if: '"feature/JIRA-1234-something-broken" =~ /^renovate\/'
      when: always
  script:
    - echo "this job should never run on feature branches"

quoted-branch-rule:
  stage: test
  rules:
    - if: '"%{CI_COMMIT_BRANCH}" =~ /^renovate\/'
      when: always
  script:
    - echo "this job should only run for renovate/* branches"
EOF

git add README.md .gitlab-ci.yml
git commit -qm "initial re2 repro"

git branch -M feature/JIRA-1234-something-broken
git remote add origin https://example.com/dummy/repo.git

Expected behavior

GCL should run without issues

Shown behavior

gitlab-ci-local --version

gitlab-ci-local --list

4.60.1 [ or 4.63.0 ]
Unable to retrieve default remote branch, falling back to `main`. The default remote branch can be set via `git remote set-head origin <default_branch>

                                                                                                              
Error attempting to evaluate the following rules:
  rules:
    - if: '"feature/JIRA_1234-something-broken" =~ /^renovate//'
as rhs contains unescaped quote

The remote branch complaint it because of faux git repo setup, not of concern here.

Host information

  • NAME="Linux Mint"

  • VERSION="22.1 (Xia)"

  • ID=linuxmint

  • ID_LIKE="ubuntu debian"

  • gitlab-ci-local: 4.60.1 and 4.63.0

Containerd binary

Using docker, but not in the context of this reproduction.

Additional context

It's strange to see the RE2JS complaint for 4.60.1, as the release notes said that wasn't introduced until 4.62.x ?

Marakai avatar Nov 19 '25 02:11 Marakai

(apologies for the somewhat messy report - I had to jump back and forth between restricted corporate network and general internet to reproduce and copy these results)

Marakai avatar Nov 19 '25 02:11 Marakai

Please revisit this description and make it look prettier 😄 My eyes are bleeding.

firecow avatar Nov 21 '25 12:11 firecow

yes, sorry, will do. the markup hates me

EDIT: I hope it's less like Linear-A now.

Marakai avatar Nov 24 '25 00:11 Marakai

It's strange to see the RE2JS complaint for 4.60.1

Can't replicate. The complaint is see is for RE2 for 4.60.1

ANGkeith avatar Nov 26 '25 14:11 ANGkeith

i can't get either of your example working in gitlab.com either

---
stages:
  - test

quoted-literal-rule:
  stage: test
  rules:
    - if: '"feature/JIRA-1234-something-broken" =~ /^renovate\/'               # There's a trailing slash here
      when: always
  script:
    - echo "this job should never run on feature branches"

quoted-branch-rule:
  stage: test
  rules:
    - if: '"%{CI_COMMIT_BRANCH}" =~ /^renovate\/'                             # There's a trailing slash here
      when: always
  script:
    - echo "this job should only run for renovate/* branches"

ANGkeith avatar Nov 26 '25 14:11 ANGkeith

is it because of our Jira naming scheme? as I said, it was a pain in the arse to replicate and I tried to do my best to then transfer it out of our locked down corporate network, but I couldn't run it locally as so much of the basics were missing (like our entire build framework).

I had hoped it'd be some fairly straight-forward case of regex choking in some edge case which our framerwork promptly triggers.

Marakai avatar Nov 28 '25 07:11 Marakai

yeah locked down environment can be a PITA...

based off the eg. you provide it's due to

Image

which did not work for both gitlab.com and gitlab-ci-local

ANGkeith avatar Nov 28 '25 08:11 ANGkeith

I'm in the process of digging out some down time and then try and replicate this as simple as possible even from within our corp environment. All the proprietary templates and includes to work in our own gitlab and our runners, but now I need to find a minimal and non-proprietary config that produces this.

Marakai avatar Dec 11 '25 04:12 Marakai

I don't know if it helps you but this seems to work for me:

You seem to at least have forgotten a trailing / on the regex.

---
stages:
  - test

quoted-literal-rule:
  stage: test
  rules:
    - if: '"feature/JIRA-1234-something-broken" =~ /^renovate\//'
      when: always
  script:
    - echo "this job should never run on feature branches"

quoted-branch-rule:
  stage: test
  rules:
    - if: '$CI_COMMIT_BRANCH =~ /^renovate\//'
      when: always
  script:
    - echo "this job should only run for renovate/* branches"

peterbbeu avatar Dec 12 '25 11:12 peterbbeu

I've got something similar. Not sure this is a bug of GCL, but it passes Gitlab.com linting and RE2JS validators and gives an error on GCL 4.63.0.

- if: $CI_COMMIT_TAG =~ /^(?:core\/)?v\d+\.\d+\.\d+.*/

Error attempting to evaluate the following rules:
  rules:
    - if: '"v1.2025.2-2-gbcf2a630-dirty" =~ /^(?:core\/)?v\d+\.\d+\.\d+.*/'
as

"v1.2025.2-2-gbcf2a630-dirty".matchRE2JS(RE2JS.compile("^(?:core\\", 0)) != null)?v\d+\.\d+\.\d+.*/

Possibly related: #424, #491

Works great on gitlab.com, not only the linting but the pipeline logic.

vassilit avatar Dec 12 '25 15:12 vassilit

@Marakai could you test if #1712 fixes your issue ?

ANGkeith avatar Dec 17 '25 07:12 ANGkeith