DAST jobs are failing in CE/EE pipelines for merged results

Summary

CI pipelines on GitLab CE/EE have their DAST jobs constantly failing on master because of an empty DAST_WEBSITE env variable, which should contain the URL of the review app to scan.

Steps to reproduce

Examine any merge request for GitLab EE or GitLab CE that is merged to the master branch, and the execution of its pipeline for merged results. Example MR.

What is the current bug behavior?

The DAST job runs for master but fails since the DAST_WEBSITE env variable is empty.

What is the expected correct behavior?

The DAST job is skipped on CE/EE master.

Relevant logs and/or screenshots

  • Example job (EE): https://gitlab.com/gitlab-org/gitlab-ee/-/jobs/281760930
  • Example job (CE): https://gitlab.com/gitlab-org/gitlab-ce/-/jobs/282266642

Output of checks

This bug is related to the GitLab.com CI setup.

Further details

Apparently, this happens for pipelines for merged results running on master https://docs.gitlab.com/ee/ci/merge_request_pipelines/pipelines_for_merged_results/#pipelines-for-merged-results-premium. Since master has review app associated, the review_app_url.txt and environment_url.txt are empty/missing and DAST_WEBSITE env variable is empty.

Possible fixes

The DAST job is skipped on master by leveraging the DAST_DISABLED env variable in the CI config.
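
A complementary guard for the scan step itself, as an added example that is not part of the original issue or of GitLab's CI configuration: it resolves the scan target from DAST_WEBSITE or the URL files named above and skips cleanly when none is available. The function name, the return codes 10 and 11, and the one-URL-per-file layout are assumptions made for illustration.

```shell
# Added example (not GitLab's code): decide whether a DAST scan has a usable target.
# Assumption: environment_url.txt / review_app_url.txt hold one URL on their first line.
# Constructed return codes: 0 = target printed on stdout, 10 = skip, 11 = invalid target.
resolve_dast_target() {
    dir="${1:-.}"

    # Explicit opt-out, e.g. set for master in the CI config.
    if [ -n "${DAST_DISABLED:-}" ]; then
        echo "DAST_DISABLED is set, skipping scan" >&2
        return 10
    fi

    target="${DAST_WEBSITE:-}"

    # Fall back to the URL files when the variable is empty.
    if [ -z "$target" ]; then
        for f in "$dir/environment_url.txt" "$dir/review_app_url.txt"; do
            # -s is false for a missing or zero-length file (the case in this issue).
            if [ -s "$f" ]; then
                target=$(head -n 1 "$f" | tr -d '[:space:]')
                if [ -n "$target" ]; then
                    break
                fi
            fi
        done
    fi

    # No review app was deployed: skip instead of failing the pipeline.
    if [ -z "$target" ]; then
        echo "no review app URL found, skipping scan" >&2
        return 10
    fi

    # Only hand an http(s) URL with a non-empty remainder to the scanner.
    case "$target" in
        http://?*|https://?*) ;;
        *) echo "refusing to scan invalid target: $target" >&2; return 11 ;;
    esac

    printf '%s\n' "$target"
}
```

A job script can treat return code 10 as a successful no-op and any other non-zero code as a failure, so a malformed target still breaks the pipeline while a missing review app does not.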
