No QA for Dependency Scanning in master branch of test projects
Summary
There's no QA job for Dependency Scanning (DS) in the pipelines of the test projects where DS has been set up, in the master branch. That's because DS_DISABLE_DIND is now true by default, and the pipeline has multiple DS jobs, but there's only one single QA job that won't work in no-DinD mode. DS_DISABLE_DIND has to be forced to false so that the master branch checks DS in DinD mode.
See #218773 (closed) for a similar issue affecting SAST.
Steps to reproduce
Trigger a pipeline for the master branch of a test project and look for qa-dependency-scanning jobs.
Example Project
https://gitlab.com/gitlab-org/security-products/tests/ruby-bundler/pipelines/147778450
What is the current bug behavior?
no Dependency Scanning QA job
What is the expected correct behavior?
successful Dependency Scanning QA job
Relevant logs and/or screenshots
https://gitlab.com/gitlab-org/security-products/tests/ruby-bundler/pipelines/147778450
Possible fixes
Force DS_DISABLE_DIND to false in the master branches of the test projects where Dependency Scanning is performed.
Alternatively, this can be set at the group level for the time being, until we merge the no_dind-FREEZE branches into master.
We cannot set the variable at the group level because it takes precedence over the variable defined in the CI configuration file, in the no_dind-FREEZE branch.