Commit d82982e2 authored by Steve Azzopardi's avatar Steve Azzopardi

Merge branch 'fix-secure-jobs-definitions' into 'master'

Fix definition of security related jobs

Closes #27122

See merge request gitlab-org/gitlab-runner!2499
parents 40b2c95b 5903de28
......@@ -14,7 +14,10 @@ variables:
GIT_LFS_VERSION: "2.11.0"
LICENSE_MANAGEMENT_SETUP_CMD: echo "Skip setup. Dependency already vendored"
DOCS_GITLAB_REPO_SUFFIX: "runner"
SAST_DEFAULT_ANALYZERS: "gosec,secrets"
# We're overriding rules for the jobs that we want to run.
# This will disable all other rules.
SAST_DISABLED: "true"
DEPENDENCY_SCANNING_DISABLED: "true"
default:
image: $CI_IMAGE
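Review bot: With `SAST_DISABLED: "true"` and `DEPENDENCY_SCANNING_DISABLED: "true"` set at the top level, every scanning job from the included templates stays off unless this repository redefines its `rules:`, and the comment above the two variables does not say which jobs those are. An analyzer that the upstream template adds or renames later would then stop running without any pipeline failure. I would extend the comment to list the re-enabled jobs and point at the file that overrides them, e.g. `# Re-enabled with our own rules: <job names> (see <overrides file>)`, so scanner coverage can be audited from this block. Which of these lines the commit adds is not recoverable from the rendered page, so this applies to the block as it stands on the new side.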
......
......@@ -4,12 +4,13 @@ include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/License-Scanning.gitlab-ci.yml
.merge_request_pipelines_rules: &merge_request_pipelines_rules
- if: $CI_MERGE_REQUEST_ID
- if: $CI_COMMIT_BRANCH == "master" && ($CI_PROJECT_PATH == "gitlab-org/gitlab-runner" || $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner")
- if: $CI_COMMIT_REF_NAME =~ /\A[0-9]+-[0-9]+-stable\z/ && ($CI_PROJECT_PATH == "gitlab-org/gitlab-runner" || $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner")
- if: $CI_COMMIT_REF_NAME =~ /\Av[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?\z/ && $CI_PROJECT_PATH == "gitlab-org/gitlab-runner"
- if: $CI_COMMIT_REF_NAME =~ /\Av[0-9]+\.[0-9]+\.[0-9]+?\z/ && $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner"
.merge_request_pipelines_rules:
rules: &merge_request_pipelines_rules
- if: $CI_MERGE_REQUEST_ID
- if: $CI_COMMIT_BRANCH == "master" && ($CI_PROJECT_PATH == "gitlab-org/gitlab-runner" || $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner")
- if: $CI_COMMIT_REF_NAME =~ /\A[0-9]+-[0-9]+-stable\z/ && ($CI_PROJECT_PATH == "gitlab-org/gitlab-runner" || $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner")
- if: $CI_COMMIT_REF_NAME =~ /\Av[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?\z/ && $CI_PROJECT_PATH == "gitlab-org/gitlab-runner"
- if: $CI_COMMIT_REF_NAME =~ /\Av[0-9]+\.[0-9]+\.[0-9]+?\z/ && $CI_PROJECT_PATH == "gitlab-org/security/gitlab-runner"
# Overriding 'Dependency-Scanning.gitlab-ci.yml' template, because
# we need to replace the rules with our own, the same
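Review bot: The last rule in the new `rules:` list still carries a lazy quantifier, `[0-9]+?\z`, which reads like a leftover from dropping the `(-rc[0-9]+)?` group used in the rule above it. Because of the `\z` anchor it matches the same tags as `[0-9]+\z`, so behaviour is unaffected, but a pattern that decides which refs of `gitlab-org/security/gitlab-runner` get pipelines should say exactly what it means: `/\Av[0-9]+\.[0-9]+\.[0-9]+\z/`. It would also help to add a comment above `.merge_request_pipelines_rules:` noting that the `&merge_request_pipelines_rules` anchor only resolves inside this file, and that jobs in other included files must use `extends: .merge_request_pipelines_rules` instead.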
......@@ -149,7 +150,9 @@ unit test with race:
TESTFLAGS: "-cover -race"
fuzz variable mask:
extends: .fuzz_base
extends:
- .fuzz_base
- .merge_request_pipelines_rules
image: golang:1.13
stage: test
script:
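Review bot: `fuzz variable mask` now takes its `rules:` from the second `extends` entry, and GitLab resolves multiple `extends` entries with later ones overriding earlier ones key by key, so anything `.fuzz_base` sets under `rules:` is replaced rather than merged. `.fuzz_base` is defined outside this hunk; if it carries `only:`/`except:`, the job would mix them with `rules:`, which GitLab rejects, so that is worth confirming. A short comment on the list, such as `# order matters: rules come from .merge_request_pipelines_rules`, would keep a later reorder from silently changing when the fuzz job runs. The job body continues past the end of the hunk.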
......