Decide what to do with `dependency_scanning` and `code_quality` CI jobs
What is this issue for?
As of !47586 (merged), the `dependency_scanning` and `code_quality` jobs are now the bottleneck if the review app is skipped. Without those, the total pipeline build time would be under 7 minutes.
Furthermore, nobody (as far as I know) is looking at the reports these jobs generate or fixing the errors anyway:
- https://gitlab.com/gitlab-com/www-gitlab-com/pipelines/139405308/security
- https://gitlab.com/gitlab-com/www-gitlab-com/pipelines/139405308/codequality_report
Should we just disable them (along with the integration tests which are still disabled)? Or only run them periodically against master?
UPDATE: They have been changed to a manual trigger.
Also, I'm now wondering how consistent the `rubocop`/`eslint` settings are with the `code_quality` settings. I just noticed that the `code_quality` job is complaining about several things in my recent commits (e.g. too many arguments or too many lines per method) which `rubocop` didn't care about.
Related Problems
The Security Scanning "Exclamation Mark" on MRs is also a "Broken Window" which can cause people to ignore other, real problems. E.g. see this Slack thread:
I guess the black "exclamation mark" ❕ should have been an indicator, but I'm used to ignoring the one for security scanning ... so I ignored this one too.
Related Issues
This is a follow-on Merge request out of this discussion: !47586 (comment 331339792)