Trigger depSASTer downstream when Gemfile.checksum changes

14193cf3 · Nick Malcolm · Rémy Coutable · 92119f3a · 14193cf3 · 14193cf3
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -2104,6 +2104,17 @@
    - <<: *if-merge-request
      changes: *static-analysis-patterns
+.static-analysis:rules:trigger-depsaster:
+  rules:
+    - if: $ENABLE_DEPSASTER != 'true'
+      when: never
+    - <<: *if-fork-merge-request
+      when: never
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-merge-request
+      changes: ["**/Gemfile.checksum"]
 .semgrep-appsec-custom-rules:rules:
  rules:
    - <<: *if-not-ee

--- a/.gitlab/ci/static-analysis.gitlab-ci.yml
+++ b/.gitlab/ci/static-analysis.gitlab-ci.yml
@@ -217,3 +217,13 @@ ping-appsec-for-sast-findings:
  script:
    - apk add jq curl
    - scripts/process_custom_semgrep_results.sh
+trigger-depsaster:
+  extends: .static-analysis:rules:trigger-depsaster
+  stage: lint
+  variables:
+    MERGE_REQUEST_PROJECT_ID: $CI_MERGE_REQUEST_PROJECT_ID
+    MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
+  trigger:
+    project: "gitlab-com/gl-security/appsec/tooling/depsaster"
+  allow_failure: true