SAST/DS Downstream projects do not use branch image, defaulting to major
Summary
When the development process for devopssecure moved from DinD to No-DinD, we introduced a regression where our downstream projects do not pull the tmp image generated from a built branch but instead default to the major version.
With DinD we utilized `DS_ANALYZER_IMAGES` and `SAST_ANALYZER_IMAGES`, but that variable is handled by `common/orchestrator` and ignored for no-dind behavior, which instead relies on the hardcoded `image.name`.
Steps to reproduce
Example Project
Example pipeline from feature branch, note the downstream fetches brakeman:2
https://gitlab.com/gitlab-org/security-products/analyzers/brakeman/-/pipelines/177770978
What is the current bug behavior?
When triggering downstream projects during analyzer development, the downstream projects fetch the analyzer image matching the major version.
What is the expected correct behavior?
When triggering downstream projects during analyzer development, the downstream projects should fetch the analyzer image matching the given feature branch.
Output of checks
This bug happens on GitLab.com