未验证 提交 2ddb093e 编辑于 作者: Sashi Kumar Kumaresan's avatar Sashi Kumar Kumaresan 提交者: GitLab

Merge branch '472663-ignore-default-before-after-script-in-sep' into 'master'

Ignore default before and after_script for Scan Execution Policies

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/159486



Merged-by: Sashi Kumar Kumaresan <skumar@gitlab.com>
Approved-by: Martin Čavoj <mcavoj@gitlab.com>
Approved-by: Sashi Kumar Kumaresan <skumar@gitlab.com>
Reviewed-by: Martin Čavoj <mcavoj@gitlab.com>
Co-authored-by: Alan (Maciej) Paruszewski <mparuszewski@gitlab.com>
......@@ -27,6 +27,7 @@ def config
ci_configuration.each do |_, job_configuration|
apply_variables!(job_configuration, variables)
apply_tags!(job_configuration, @action[:tags])
apply_defaults!(job_configuration)
remove_extends!(job_configuration)
remove_rule_to_disable_job!(job_configuration, ci_variables)
end
......@@ -67,6 +68,11 @@ def apply_tags!(job_configuration, tags)
job_configuration[:tags] = tags
end
def apply_defaults!(job_configuration)
job_configuration[:before_script] ||= []
job_configuration[:after_script] ||= []
end
def remove_extends!(job_configuration)
job_configuration.delete(:extends)
end
......
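Review bot: `apply_defaults!` blanks only `before_script` and `after_script`, so any other keyword a project sets under `default:` is presumably still inherited by the policy job unless the template sets it itself; the same holds for the two keys merged in the on-demand DAST hunk. If the intent is that project defaults never shape an enforced scan, consider whether `job_configuration[:inherit] = { default: false }` fits here, or document why these two keys are the complete list. The method name also reads as if it fills defaults in, while it actually blocks them; a comment such as `# Explicit empty arrays stop the job inheriting before_script/after_script from the project's default: section` would make that clear. The enclosing `config` method starts outside the first hunk.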
......@@ -37,7 +37,9 @@ def prepare_on_demand_scan_configuration(action)
.deep_merge(
'stage' => 'dast',
'variables' => dast_on_demand_variables(action_variables),
'dast_configuration' => ci_configuration['dast']['dast_configuration']
'dast_configuration' => ci_configuration['dast']['dast_configuration'],
'before_script' => [],
'after_script' => []
)
end
......
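Review bot: The on-demand path overwrites `'before_script'` and `'after_script'` unconditionally through `deep_merge`, whereas `apply_defaults!` in the policy builder uses `||=` and keeps a value the template already defines; the page does not say whether that difference is deliberate. A one-line comment above the two keys would record the intent, e.g. `# Always empty: neither the template nor the project's default: section may add scripts to an on-demand scan`. `prepare_on_demand_scan_configuration` starts outside the hunk.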
......@@ -83,6 +83,8 @@
},
allow_failure: true,
script: ['/analyze'],
before_script: [],
after_script: [],
artifacts: { access: 'developer', reports: { dast: 'gl-dast-report.json' } },
dast_configuration: {
site_profile: dast_site_profile.name,
......
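Review bot: The updated expectations here and in the later spec hunks only pin the case where the template has no `before_script`/`after_script` and the result is `[]`. None of the visible hunks covers the two cases the change is about: a project that defines `before_script` under `default:`, and a template job that already carries its own `before_script`, which `||=` appears meant to preserve. Adding one example for each, e.g. `it 'keeps before_script defined by the template'`, would stop a later switch from `||=` to plain assignment going unnoticed. The surrounding examples start and end outside these hunks, so such specs may already exist elsewhere in the files.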
......@@ -292,6 +292,8 @@
},
allow_failure: true,
script: ['/analyze'],
before_script: [],
after_script: [],
artifacts: {
access: 'developer',
reports: {
......@@ -322,6 +324,8 @@
hash_including(
rules: [{ if: '$CI_COMMIT_BRANCH' }],
script: ["/analyzer run"],
before_script: [],
after_script: [],
stage: scan_policy_stage,
image: '$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION$SECRET_DETECTION_IMAGE_SUFFIX',
services: [],
......@@ -352,6 +356,8 @@
hash_including(
artifacts: { access: 'developer', reports: { sast: 'gl-sast-report.json' } },
script: ['/analyzer run'],
before_script: [],
after_script: [],
image: { name: '$SAST_ANALYZER_IMAGE' },
rules: [
{ if: '$CI_COMMIT_BRANCH', exists:
......
......@@ -119,6 +119,8 @@
expected_configuration = {
rules: [{ if: '$CI_COMMIT_BRANCH' }],
script: ["/analyzer run"],
before_script: [],
after_script: [],
tags: ['runner-tag'],
stage: 'test',
image: '$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION$SECRET_DETECTION_IMAGE_SUFFIX',
......@@ -179,6 +181,8 @@
},
dependencies: [],
script: ['gtcs scan'],
before_script: [],
after_script: [],
variables: {
CS_ANALYZER_IMAGE: "$CI_TEMPLATE_REGISTRY_HOST/security-products/container-scanning:7",
GIT_STRATEGY: 'fetch',
......
......@@ -69,6 +69,8 @@
},
allow_failure: true,
script: ['/analyze'],
before_script: [],
after_script: [],
artifacts: { access: 'developer', reports: { dast: 'gl-dast-report.json' } },
dast_configuration: { site_profile: site_profile.name, scanner_profile: scanner_profile.name },
rules: [
......