Fix before_script of Secure test projects: fail when any command fails

Problem to solve

Many CI config files of the Secure test projects chain commands using &&, but this is error prone: if the first command fails, the job continues and it might even be successful.

See https://gitlab.com/gitlab-org/security-products/tests/js-npm/-/blob/05b1ff9cb6a0e53c0611a8e36317a3c71a9f6372/.gitlab-ci.yml:

gemnasium-dependency_scanning:
  before_script:
    - git clone https://gitlab.com/gitlab-org/security-products/gemnasium-db.git /gemnasium-db-gitrepo
    - git -C /gemnasium-db-gitrepo branch
    - apk update && apk add iptables
    - iptables -P INPUT DROP && iptables -P OUTPUT DROP
  variables:
    GEMNASIUM_DB_REMOTE_URL: "/gemnasium-db-gitrepo"

When the apk command can't be found, the job goes on and might be successful even though iptables can't be installed, and fails. See https://gitlab.com/gitlab-org/security-products/tests/js-npm/-/jobs/2760742705 and gitlab-org/security-products/analyzers/gemnasium!358 (comment 1036853257)

Proposal

Review the before_script params in all -FREEZE branches of the Secure test projects, and add parenthesis around commands chained using &&. See #369229 (comment 1047783734)

gemnasium-dependency_scanning:
  before_script:
    - git clone https://gitlab.com/gitlab-org/security-products/gemnasium-db.git /gemnasium-db-gitrepo
    - git -C /gemnasium-db-gitrepo branch
    - (apk update && apk add iptables)
    - iptables -P INPUT DROP && iptables -P OUTPUT DROP
  variables:
    GEMNASIUM_DB_REMOTE_URL: "/gemnasium-db-gitrepo"

/cc @brytannia @gonzoyumo @willmeek

Edited Aug 02, 2022 by Fabien Catteau