From 14193cf378f9a97f123408a06c265f79e4ed42e8 Mon Sep 17 00:00:00 2001
From: Nick Malcolm <nmalcolm@gitlab.com>
Date: Tue, 4 Jul 2023 13:27:51 +0000
Subject: [PATCH] Trigger depSASTer downstream when Gemfile.checksum changes

---
 .gitlab/ci/rules.gitlab-ci.yml           | 11 +++++++++++
 .gitlab/ci/static-analysis.gitlab-ci.yml | 10 ++++++++++
 2 files changed, 21 insertions(+)

diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml
index a4addfce49172..083dd8be613e4 100644
--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -2104,6 +2104,17 @@
     - <<: *if-merge-request
       changes: *static-analysis-patterns
 
+.static-analysis:rules:trigger-depsaster:
+  rules:
+    - if: $ENABLE_DEPSASTER != 'true'
+      when: never
+    - <<: *if-fork-merge-request
+      when: never
+    - <<: *if-not-ee
+      when: never
+    - <<: *if-merge-request
+      changes: ["**/Gemfile.checksum"]
+
 .semgrep-appsec-custom-rules:rules:
   rules:
     - <<: *if-not-ee
diff --git a/.gitlab/ci/static-analysis.gitlab-ci.yml b/.gitlab/ci/static-analysis.gitlab-ci.yml
index b351a63ecf0a7..7db853e51fd44 100644
--- a/.gitlab/ci/static-analysis.gitlab-ci.yml
+++ b/.gitlab/ci/static-analysis.gitlab-ci.yml
@@ -217,3 +217,13 @@ ping-appsec-for-sast-findings:
   script:
     - apk add jq curl
     - scripts/process_custom_semgrep_results.sh
+
+trigger-depsaster:
+  extends: .static-analysis:rules:trigger-depsaster
+  stage: lint
+  variables:
+    MERGE_REQUEST_PROJECT_ID: $CI_MERGE_REQUEST_PROJECT_ID
+    MERGE_REQUEST_IID: $CI_MERGE_REQUEST_IID
+  trigger:
+    project: "gitlab-com/gl-security/appsec/tooling/depsaster"
+  allow_failure: true
-- 
GitLab