Fix definition of security related jobs

The jobs added with https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/1897
and https://gitlab.com/gitlab-org/gitlab-runner/-/merge_requests/2347
cause a duplicate pipeline to be started for each branch push. They also
cause unwanted jobs to be started in the context of the MR pipeline.

This commit will disable unwanted jobs and will add missing rules
definition to the fuzz testing one.
parent 84465002
......@@ -14,7 +14,10 @@ variables:
GIT_LFS_VERSION: "2.11.0"
LICENSE_MANAGEMENT_SETUP_CMD: echo "Skip setup. Dependency already vendored"
DOCS_GITLAB_REPO_SUFFIX: "runner"
SAST_DEFAULT_ANALYZERS: "gosec,secrets"
# We're overriding rules for the jobs that we want to run.
# This will disable all other rules.
SAST_DISABLED: "true"
DEPENDENCY_SCANNING_DISABLED: "true"
default:
image: $CI_IMAGE
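Review bot: The new comment above `SAST_DISABLED` does not say which jobs keep running. With both `*_DISABLED` variables set globally, a security job whose rules override is missing, or whose template name later changes upstream, would drop out of the pipeline without any failure. The overrides are not in this hunk, so it cannot be confirmed from here that the `gosec` and `secrets` analyzers named in `SAST_DEFAULT_ANALYZERS` still run. I would extend the comment to something like `# Template jobs are off by default; only the jobs whose rules we override in <file holding the overrides> still run.` and name those jobs there. The `variables:` block starts outside the hunk.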
......@@ -4,12 +4,13 @@ include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/License-Scanning.gitlab-ci.yml
.merge_request_pipelines_rules: &merge_request_pipelines_rules
- if: $CI_MERGE_REQUEST_ID
- if: $CI_COMMIT_BRANCH == "master" && ($CI_PROJECT_PATH == "gitlab-org/gitlab-runner" || $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner")
- if: $CI_COMMIT_REF_NAME =~ /\A[0-9]+-[0-9]+-stable\z/ && ($CI_PROJECT_PATH == "gitlab-org/gitlab-runner" || $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner")
- if: $CI_COMMIT_REF_NAME =~ /\Av[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?\z/ && $CI_PROJECT_PATH == "gitlab-org/gitlab-runner"
- if: $CI_COMMIT_REF_NAME =~ /\Av[0-9]+\.[0-9]+\.[0-9]+?\z/ && $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner"
.merge_request_pipelines_rules:
rules: &merge_request_pipelines_rules
- if: $CI_MERGE_REQUEST_ID
- if: $CI_COMMIT_BRANCH == "master" && ($CI_PROJECT_PATH == "gitlab-org/gitlab-runner" || $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner")
- if: $CI_COMMIT_REF_NAME =~ /\A[0-9]+-[0-9]+-stable\z/ && ($CI_PROJECT_PATH == "gitlab-org/gitlab-runner" || $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner")
- if: $CI_COMMIT_REF_NAME =~ /\Av[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?\z/ && $CI_PROJECT_PATH == "gitlab-org/gitlab-runner"
- if: $CI_COMMIT_REF_NAME =~ /\Av[0-9]+\.[0-9]+\.[0-9]+?\z/ && $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner"
# Overriding 'Dependency-Scanning.gitlab-ci.yml' template, because
# we need to replace the rules with our own, the same
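Review bot: The last rule under `rules: &merge_request_pipelines_rules` ends its tag pattern with `[0-9]+?\z`, a lazy quantifier that matches the same strings as `[0-9]+\z` once the `\z` anchor follows. A reader can easily take the `?` to mean the patch number is optional, or assume it is a leftover of the `(-rc[0-9]+)?` group in the rule above. Since these rules decide which refs get the security jobs, I would write it as `/\Av[0-9]+\.[0-9]+\.[0-9]+\z/`. I would also add a one-line comment that the security fork deliberately does not match `-rc` tags, if that is the intent.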
......@@ -149,7 +150,9 @@ unit test with race:
TESTFLAGS: "-cover -race"
fuzz variable mask:
extends: .fuzz_base
extends:
- .fuzz_base
- .merge_request_pipelines_rules
image: golang:1.13
stage: test
script:
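Review bot: In `fuzz variable mask`, listing `.merge_request_pipelines_rules` after `.fuzz_base` in `extends:` means its `rules` array replaces any `rules` inherited from `.fuzz_base`, because `extends` does not merge arrays. `.fuzz_base` is not visible here. If it carries its own conditions, such as a disable switch or a feature check, they no longer apply to this job. A comment on the job would make that explicit, for example `# rules come from .merge_request_pipelines_rules and replace any rules defined in .fuzz_base`. The job body continues past the end of the hunk.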