Skip saving pipeline config when using inputs

Inputs may contain secrets, so we don't want to save them in the DB as plain text. It's safe to not save a pipeline-config because we are currently considering dropping the `p_ci_pipelines_config` table because it's not used anywhere. https://gitlab.com/gitlab-org/gitlab/-/issues/520828#note_2364398251 related to https://gitlab.com/gitlab-org/gitlab/-/issues/523238 Changelog: other

Skip saving pipeline config when using inputs
e8af953e · Furkan Ayhan · GitLab · b0b91b4e · e8af953e · e8af953e
--- a/lib/gitlab/ci/pipeline/chain/config/content.rb
+++ b/lib/gitlab/ci/pipeline/chain/config/content.rb
@@ -11,7 +11,7 @@ class Content < Chain::Base
            def perform!
              if pipeline_config&.exists?
-                @pipeline.build_pipeline_config(content: pipeline_config.content, project_id: @pipeline.project_id)
+                build_pipeline_config
                @command.config_content = pipeline_config.content
                @pipeline.config_source = pipeline_config.source
                @command.pipeline_config = pipeline_config
@@ -39,6 +39,16 @@ def pipeline_config
                )
              end
            end
+            def build_pipeline_config
+              # Inputs may contain secrets, so we don't want to save them in the DB as plain text.
+              # It's safe to not save a pipeline-config because we are currently considering
+              # dropping the `p_ci_pipelines_config` table because it's not used anywhere.
+              # https://gitlab.com/gitlab-org/gitlab/-/issues/520828#note_2364398251
+              return if @command.inputs.present?
+              @pipeline.build_pipeline_config(content: pipeline_config.content, project_id: @pipeline.project_id)
+            end
          end
        end
      end

--- a/spec/lib/gitlab/ci/pipeline/chain/config/content_spec.rb
+++ b/spec/lib/gitlab/ci/pipeline/chain/config/content_spec.rb
@@ -177,7 +177,7 @@
          subject.perform!
          expect(pipeline.config_source).to eq 'repository_source'
-          expect(pipeline.pipeline_config.content).to eq(config_content_result)
+          expect(pipeline.pipeline_config).to be_nil
          expect(command.config_content).to eq(config_content_result)
          expect(command.pipeline_config.internal_include_prepended?).to eq(true)
          expect(command.pipeline_config.inputs_for_pipeline_creation).to eq({})
@@ -244,7 +244,7 @@
          subject.perform!
          expect(pipeline.config_source).to eq 'parameter_source'
-          expect(pipeline.pipeline_config.content).to eq(content)
+          expect(pipeline.pipeline_config).to be_nil
          expect(command.config_content).to eq(content)
          expect(command.pipeline_config.internal_include_prepended?).to eq(false)
          expect(command.pipeline_config.inputs_for_pipeline_creation).to eq(inputs)