Terraform pipeline: disable jobs if CI_PIPELINE_SOURCE is not "push"

The terraform-{plan,apply}-{development,staging,production} jobs have rules like the following:

terraform-apply-development:
  extends: .terraform-apply
  stage: review
  rules:
    - if: $TERRAFORM_APPLY_DEVELOPMENT_DISABLED
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_TAG
      when: manual
      # This is currently the only way to allow the pipeline to succeed if the optional manual development apply job was
      # not triggered. See the following issue for context - https://gitlab.com/gitlab-org/gitlab/-/issues/249524.
      allow_failure: true
    - when: never
  variables:
    DEPLOYMENT_ENVIRONMENT: development
  needs:
    - terraform-plan-development

If a job is triggered from something other than a push event but is still running on the default branch. (Such as, for example, a scheduled CI pipeline.) These jobs will continue to run.

For the terraform-{plan,apply}-{development,staging,production} jobs add a rule similar to the following:

rules:
  - if: $CI_PIPELINE_SOURCE != "push"
    when: never

Admin message

Terraform pipeline: disable jobs if CI_PIPELINE_SOURCE is not "push"