cicd: fix cicd image building jobs constantly triggering on non-MR-push events

It was reported that CICD jobs are being triggered for every event to the template regardless of whether the concerned commits made any changes to cicd/docker_targets/**/* or set ENABLE_STAGE_CICD or both.

@melvin pointed out that the problem may be the misuse of https://git.mel.vin/help/ci/yaml/README.md#using-onlychanges-without-pipelines-for-merge-requests.

Without pipelines for merge requests, pipelines run on branches or tags that don't have an explicit association with a merge request. In this case, a previous SHA is used to calculate the diff, which equivalent to git diff HEAD~. This could result in some unexpected behavior, including:

When pushing a new branch or a new tag to GitLab, the policy always evaluates to true.

When pushing a new commit, the changed files are calculated using the previous commit as the base SHA.

Master currently has the following piece of code which may potentially be the problem. It runs on everything but the MR event to avoid detached pipelines as discussed in https://git.mel.vin/template/c/merge_requests/124#note_9889

workflow:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      when: never
    - when: always

@melvin also pointed out the following on https://git.mel.vin/template/c/merge_requests/124#note_9920

We need to verify the behaviour of a multi-commit push where the older commit touches docker targets but the newest one (HEAD) does not. In such a push it has to take into consideration the "full push diff" to determine whether image building jobs should run.

If it does not work, we will have to switch to MR style detection only, also described on that page. In that case we run image jobs ONLY for MRs with matching changes and master. It will NOT be possible to run image jobs for standalone branches without a MR automatically. For standalone branches, the jobs should instead end up being a manual trigger, which should always be the case when there is no automatic trigger.

Run "pipeline for merge requests" only on merge requests https://git.mel.vin/help/ci/merge_request_pipelines/index.md#pipelines-for-merge-requests
Do not run standard pipelines for push events on merge requests
Run standard pipeline on pushes to the default branch (master)

Edited Feb 16, 2020 by Renken