painless-continuous-delivery
painless-continuous-delivery copied to clipboard
painless-software
Shell-style && concatenation is fragile (GitLab, Bitbucket)
Both in GitLab CI and Bitbucket Pipelines the shell-style && concatenation seems to be very fragile and doesn't behave as expected.
Expected behavior
When a single command fails in the chain of commands concatenated with && then the entire pipeline should fail, and abort immediately.
Actual behavior
When a single command fails in a block with pushd ... && kustomize edit ... && popd ... then the pipeline continues with the next step, which consequently fails again, but even there without making the entire pipeline fail.
Examples (related failing builds)
The fragility might result from the piped kustomize command in the command chain:
kustomize build | oc apply -f - && ...
When kustomize fails its exit status is not evaluated by && but the one of oc apply.
Piping in shells is always problematic in pipelines. A simple, innocent example is what we use to pull existing Docker image layers (something that is suggested in the GitLab docs):
- docker pull "${IMAGE}:latest" || true
Looks innocent, doesn't it? – If the image doesn't exist yet it would error out, hence we fall back to true.
So, what's the problem? – What if we don't have permissions to push, pull, etc.? docker login worked on the line above, but this line should fail now. And it won't. It will continue to the next statements and produce potentially confusing errors that need to be troubleshot. There must be a better way.:tm: