Remove the DAST scheduled release process
Problem to solve
A recent incident gitlab-com/gl-infra/production#1246 (closed) highlighted some issues related to releasing DAST on a scheduled basis.
To summarise the incident:
- A broken change was committed to master.
- The scheduler automatically released the broken change.
Releasing should be intentional. This gives DAST engineers an opportunity to test changes before they go live. For risky features, engineers can choose to delay a release to gain more time to exercise the feature and find issues.
The scheduler also overwrote the latest tagged version of DAST. For example, DAST version 1.5.1 is released from the git tag v1.5.1. When the scheduler runs, it rebuilds from the latest commit in master and pushes that build to the 1.5.1 DAST docker tag. This means that our clients cannot pin to a particular version of DAST, because the image behind that version tag changes anyway.
The original intention of the scheduler was to make it easy to update DAST with the latest ZAProxy weekly base image. Since then, the ZAProxy base image has been pinned to a specific weekly build. This reduces the risk of releasing a broken image (the latest weekly image is broken at the time of writing).
Proposal
- Delete the scheduler setup in DAST GitLab CI.
- Revert gitlab-org/security-products/dast@3d938a6f to remove the scheduled build.
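To make the proposal concrete, here is an added example (not the DAST project's actual `.gitlab-ci.yml`, and not the content of the reverted commit) showing the weak setup described above beside the intended one. Both variants are placed in one file only so they can be compared; a real pipeline would keep just the second. Job names, the `release` stage, and the use of `$CI_REGISTRY_IMAGE` as the image name are assumptions; `$CI_PIPELINE_SOURCE`, `$CI_COMMIT_TAG` and `$CI_REGISTRY_IMAGE` are standard GitLab CI variables, and the `v1.5.1` tag naming follows the issue text.

```yaml
# Added example, not the DAST project's own CI configuration.
# Job names, stage name and image naming are assumptions.

# --- Weak setting: a scheduled pipeline rebuilds whatever is on master and
# --- pushes it over an already-published version tag, so "1.5.1" stops
# --- meaning "the build of git tag v1.5.1" and clients cannot pin to it.
release-scheduled:
  stage: release
  only:
    - schedules
  script:
    - docker build -t "$CI_REGISTRY_IMAGE:1.5.1" .
    - docker push "$CI_REGISTRY_IMAGE:1.5.1"   # silently replaces a released image

# --- Corrected setting: scheduled pipelines never run at all, and a release
# --- only happens when a maintainer deliberately pushes a version tag.
# --- The docker tag is derived from the git tag, so each published version
# --- is built from exactly the commit that tag points at.
workflow:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      when: never
    - when: always

release:
  stage: release
  rules:
    - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+$/'
  script:
    - VERSION="${CI_COMMIT_TAG#v}"              # v1.5.1 -> 1.5.1
    - docker build -t "$CI_REGISTRY_IMAGE:$VERSION" .
    - docker push "$CI_REGISTRY_IMAGE:$VERSION"
```

With the `workflow` rule in place, deleting the schedule in the project settings is belt-and-braces: even if someone recreates a schedule later, no job in the pipeline can run from it. The regex on `$CI_COMMIT_TAG` means a stray tag such as `test` or `v1.5.1-rc` does not trigger a release, which keeps the release step intentional as the issue asks.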