feat(terraform): run jobs for child pipelines

What --- Add a new rule to also run the jobs when they are a [child pipeline](https://docs.gitlab.com/ee/ci/pipelines/downstream_pipelines.html#parent-child-pipelines) Why --- In <https://gitlab.com/gitlab-com/gl-infra/production-engineering/-/issues/25513#note_1957421745> we are trying to run the `terraform.yml` inside of a child pipeline, and have [merge request pipelines](https://docs.gitlab.com/ee/ci/pipelines/merge_request_pipelines.html) enabled. The jobs don't end up running because we don't define the [pipeline source](https://docs.gitlab.com/ee/ci/pipelines/downstream_pipelines.html#run-child-pipelines-with-merge-request-pipelines) and it never executes. We might have to do the same for [iac-sast](https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/d2b9dbfd72c4915c1a4d60b3ac327a2b5805365f/templates/terraform.yml#L39-41) but we should test it here first. Reference: https://gitlab.com/gitlab-com/gl-infra/production-engineering/-/issues/25513 Signed-off-by: Steve Xuereb <sxuereb@gitlab.com>

feat(terraform): run jobs for child pipelines
813cf5d6 · Steve Xuereb · d2b9dbfd · 813cf5d6 · 813cf5d6 · 813cf5d6
Unverified Commit 813cf5d6 authored 8 months ago by Steve Xuereb
--- a/checkov.yml
+++ b/checkov.yml
@@ -41,7 +41,10 @@ checkov:
    paths:
      - "checkov-output/*"
  rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" || ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule")'
+    - if: $CI_PIPELINE_SOURCE == "parent_pipeline"
+      exists:
+        - .checkov.yaml
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" || ($CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule")
      exists:
        - .checkov.yaml
  # Automatically retry on any system blips

--- a/hclfmt.yml
+++ b/hclfmt.yml
@@ -19,5 +19,6 @@ hclfmt:
    https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/hclfmt.md
    EOD
  rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
-    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule"'
+    - if: $CI_PIPELINE_SOURCE == "parent_pipeline"
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule"
--- a/terraform-format.yml
+++ b/terraform-format.yml
@@ -21,5 +21,6 @@ terraform_format:
    https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/terraform-format.md
    EOD
  rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
-    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule"'
+    - if: $CI_PIPELINE_SOURCE == "parent_pipeline"
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule"
--- a/terraform-validate.yml
+++ b/terraform-validate.yml
@@ -51,5 +51,6 @@ terraform_validate:
    https://gitlab.com/gitlab-com/gl-infra/common-ci-tasks/-/blob/main/terraform-validate.md
    EOD
  rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
-    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule"'
+    - if: $CI_PIPELINE_SOURCE == "parent_pipeline"
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule"
--- a/tflint.yml
+++ b/tflint.yml
@@ -63,5 +63,6 @@ tflint:
    reports:
      junit: tflint-reports/*.xml
  rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
-    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule"'
+    - if: $CI_PIPELINE_SOURCE == "parent_pipeline"
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "schedule"