diff --git a/ee/lib/gitlab/ci/pipeline/pipeline_execution_policies/pipeline_context.rb b/ee/lib/gitlab/ci/pipeline/pipeline_execution_policies/pipeline_context.rb
index 564c1d72c854da3355fb63ad617fa23959a4a40b..ed9c935fd4c7bbab76e954660085b90de2ddf016 100644
--- a/ee/lib/gitlab/ci/pipeline/pipeline_execution_policies/pipeline_context.rb
+++ b/ee/lib/gitlab/ci/pipeline/pipeline_execution_policies/pipeline_context.rb
@@ -130,6 +130,8 @@ def create_pipeline(policy, partition_id)
::Ci::CreatePipelineService
.new(project, command.current_user,
ref: command.ref,
+ before: command.before_sha,
+ after: command.after_sha,
source_sha: command.source_sha,
checkout_sha: command.checkout_sha,
target_sha: command.target_sha,
diff --git a/ee/spec/lib/gitlab/ci/pipeline/pipeline_execution_policies/pipeline_context_spec.rb b/ee/spec/lib/gitlab/ci/pipeline/pipeline_execution_policies/pipeline_context_spec.rb
index 3fe55aeb0f644a745ab7b20eda6d95a7a8070dd9..dde03641636945b996c36127f0c76b97eab6a929 100644
--- a/ee/spec/lib/gitlab/ci/pipeline/pipeline_execution_policies/pipeline_context_spec.rb
+++ b/ee/spec/lib/gitlab/ci/pipeline/pipeline_execution_policies/pipeline_context_spec.rb
@@ -70,6 +70,17 @@
end
end
+ it 'passes the right shas to the pipeline' do
+ perform
+
+ context.policy_pipelines.each do |policy_pipeline|
+ expect(policy_pipeline.pipeline.ref).to eq(pipeline.ref)
+ expect(policy_pipeline.pipeline.before_sha).to eq(pipeline.before_sha)
+ expect(policy_pipeline.pipeline.source_sha).to eq(pipeline.source_sha)
+ expect(policy_pipeline.pipeline.target_sha).to eq(pipeline.target_sha)
+ end
+ end
+
it 'propagates partition_id to policy pipelines' do
perform
diff --git a/ee/spec/services/ci/create_pipeline_service/pipeline_execution_policy_spec.rb b/ee/spec/services/ci/create_pipeline_service/pipeline_execution_policy_spec.rb
index 20fcb2fc3e6879d632f9b566a1ce33b31e335005..a181a81521f03683cb2fa40cbaa9c2bbae07b678 100644
--- a/ee/spec/services/ci/create_pipeline_service/pipeline_execution_policy_spec.rb
+++ b/ee/spec/services/ci/create_pipeline_service/pipeline_execution_policy_spec.rb
@@ -315,6 +315,72 @@
end
end
+ context 'with jobs using rules:changes' do
+ let(:project_policy_content) do
+ {
+ project_policy_job: {
+ stage: 'test',
+ script: 'project script',
+ rules: [
+ {
+ changes: [
+ 'development.txt'
+ ]
+ }
+ ]
+ }
+ }
+ end
+
+ it 'includes the job' do
+ builds = execute.payload.builds
+
+ expect(builds.map(&:name)).to include('project_policy_job')
+ end
+
+ context 'when a file is touched in a commit' do
+ before_all do
+ group.add_owner(user)
+ end
+
+ let(:before_sha) { project.repository.commit.sha }
+ let(:opts) do
+ { origin_ref: project.default_branch_or_main, before_sha: before_sha, source_sha: before_sha,
+ target_sha: new_sha }
+ end
+
+ let(:new_sha) do
+ create_file_in_repo(
+ project,
+ project.default_branch_or_main,
+ project.default_branch_or_main,
+ touched_tile_name, 'This is a test',
+ commit_message: 'Touch file'
+ )[:result]
+ end
+
+ context 'when the file listed in changes is not touched' do
+ let(:touched_tile_name) { 'production.txt' }
+
+ it 'does not include the job' do
+ builds = execute.payload.builds
+
+ expect(builds.map(&:name)).not_to include('project_policy_job')
+ end
+ end
+
+ context 'when the file listed in changes is touched' do
+ let(:touched_tile_name) { 'development.txt' }
+
+ it 'includes the job' do
+ builds = execute.payload.builds
+
+ expect(builds.map(&:name)).to include('project_policy_job')
+ end
+ end
+ end
+ end
+
context 'when any policy contains `override_project_ci` strategy' do
let(:project_policy) do
build(:pipeline_execution_policy, :override_project_ci,