Use DS_ANALYZER_IMAGE in Dependency Scanning QA
Summary
Update the CI configuration of the Dependency Scanning analyzer projects to set the DS_ANALYZER_IMAGE
variable when triggering the downstream test project, when doing QA. Also, remove analyzer-specific variables like GEMNASIUM_IMAGE
from the CI configuration of the test projects used for DS QA.
See !39875 (diffs, comment 403853855)
Migration steps:
- update CI config of analyzer projects to set
DS_ANALYZER_IMAGE
when triggering downstream pipelines (test projects); the existing analyzer-specific variables are still set - update test projects and remove analyzer-specific
*_IMAGE
variables from job definitions - update CI config of analyzer projects, and do not set analyzer-specific vars when triggering downstream pipelines
This has been tested https://gitlab.com/gitlab-org/security-products/tests/ruby-bundler/-/jobs/708647928. See also https://gitlab.com/gitlab-org/security-products/tests/ruby-bundler/-/commits/no_dind-DS_ANALYZER_IMAGE and https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/commits/qa-with-DS_ANALYZER_IMAGE.
Improvements
- leverage the documented variable
DS_ANALYZER_IMAGE
introduced in !39875 (diffs, comment 399572481) - simply the CI configuration of the test projects by removing analyzer-specific variables like
GEMNASIUM_IMAGE
Risks
If not properly handled, this change might break the pipeline of the DS analyzer project. There's not risk to break user-facing features.
Involved components
- Dependency Scanning analyzers
- the test projects they use
Optional: Intended side effects
Optional: Missing test coverage
None