ci: Fix FIPS jobs failing in forks of Gitalypks-ci-fix-fips-runners-in-forks

With 72497fc37 (ci: Add jobs which exercise Gitaly in FIPS mode,
2022-06-14), we have added a set of jobs which exercise Gitaly in FIPS
mode. These jobs require a special runner that has booted into FIPS mode
itself. Gitaly has been manually assigned such runners, but they are not
generally available for any of Gitaly's forks. Consequentially, trying
to run these jobs in any of our forks will eventually cause them to time
out because no runner could be acquired. And because our first job rule
for the FIPS jobs will automatically run when changes are merged to the
default branch, this causes pipelines to fail in our forks.

Fix this issue by only automatically creating these jobs when run in the
"official" repository. In case we're not running in that repository
we'll instead just create these jobs with a manual trigger.

1 files changed, 8 insertions, 0 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index cdc5b575a..f14361e56 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -270,6 +270,14 @@ test:fips:
       - TEST_TARGET: [ test, test-with-praefect ]
         FIPS_MODE: "YesPlease"
   rules:
+    # When running in a fork of Gitaly we don't have the runners available, and
+    # consequentially this job would fail anyway. So we configure the job to be
+    # a manual one in that case.
+    - if: $CI_PROJECT_PATH != "gitlab-org/gitaly"
+      when: manual
+      allow_failure: true
+    # Otherwise, we automatically run the job when either merging to the
+    # default branch or when the merge request has a FIPS label.
     - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
     - if: $CI_MERGE_REQUEST_LABELS =~ /FIPS/
     - if: $CI_PIPELINE_SOURCE == "merge_request_event"