Prepare secret-detection CI component for GA

Overview

This issue is used to keep track of all action items resulting from the validation process of the newly created secret-detection CI component in this thread. This happens as part of the dog-fooding of some CI components created by converting existing CI templates into components as we work on compiling a catalog of CI components and prepare them for GA (General Audience).

Issues

1️⃣ SECRET_DETECTION_DISABLED

Using the following snippet to disable the secret_detection job as per the component's README does not work:

include:
  - component: gitlab.com/gitlab-components/secret-detection@main
    rules:
      - if: $SECRET_DETECTION_DISABLED != "true"

Instead, users of the component need to use when: never in addition to include:rules as follows:

include:
  - component: gitlab.com/gitlab-components/secret-detection@main
    rules:
      - if: $SECRET_DETECTION_DISABLED == "true" || $SECRET_DETECTION_DISABLED == "1"
        when: never

And also define the variable in their .gitlab-ci.yml file:

variables:
  SECRET_DETECTION_DISABLED: 'true'

2️⃣ SECURE_ANALYZERS_PREFIX, SECRET_DETECTION_IMAGE_SUFFIX, and SECRETS_ANALYZER_VERSION

These variables were removed in favour of the corresponding inputs, in line with the guidelines to replace variables with inputs in case they are only used for YAML evaluation and not at runtime:

| Variable | Corresponding Input |
| --- | --- |
| SECURE_ANALYZERS_PREFIX | image_prefix |
| SECRET_DETECTION_IMAGE_SUFFIX | image_suffix |
| SECRETS_ANALYZER_VERSION | image_tag |

Action Items

  • Update the component's README to show how to properly use SECRET_DETECTION_DISABLED.
  • Update documentation to ensure:
    • Users are aware of variables replaced with inputs and when to use which.
    • Users are aware of how to use SECRET_DETECTION_DISABLED as shown in the component's README.
  • Review this comment and consider setting allow_failure to false for secret_detection job:
    • Keeping allow_failure: true to not divert so much from the template for now.
Edited by Ahmed Hemdan
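
An added example, not part of the original issue or the component's own code: a small line-based check that flags the two problems described above in a .gitlab-ci.yml that includes the component. The function name audit, the sample files and the image_tag value "5" are constructed for illustration, and the check is a heuristic over text lines, not a YAML parser.

```python
import re

# Variable -> input mapping, taken from the table in the issue.
REMOVED_VARS = {
    "SECURE_ANALYZERS_PREFIX": "image_prefix",
    "SECRET_DETECTION_IMAGE_SUFFIX": "image_suffix",
    "SECRETS_ANALYZER_VERSION": "image_tag",
}
COMPONENT = "gitlab-components/secret-detection"

def audit(ci_text):
    """Return findings for a CI file that includes the secret-detection component."""
    if COMPONENT not in ci_text:
        return []
    findings, lines = [], ci_text.splitlines()
    # 1. Variables that were replaced by component inputs.
    for name, inp in REMOVED_VARS.items():
        for n, line in enumerate(lines, 1):
            if re.match(rf"\s*{name}\s*:", line):
                findings.append(f"line {n}: {name} was replaced by input '{inp}'")
    # 2. A SECRET_DETECTION_DISABLED rule must be followed by 'when: never'.
    for n, line in enumerate(lines, 1):
        if re.search(r"\bif:.*\$SECRET_DETECTION_DISABLED", line):
            nxt = next((l for l in lines[n:] if l.strip()), "")
            if not re.match(r"\s*when:\s*never\b", nxt):
                findings.append(f"line {n}: SECRET_DETECTION_DISABLED rule lacks 'when: never'")
    return findings

# Constructed sample: removed variable plus the rule form that does not work.
SAMPLE_OLD = """\
variables:
  SECRETS_ANALYZER_VERSION: "5"
include:
  - component: gitlab.com/gitlab-components/secret-detection@main
    rules:
      - if: $SECRET_DETECTION_DISABLED != "true"
"""

# Constructed sample: input instead of variable, rule with 'when: never'.
SAMPLE_NEW = """\
variables:
  SECRET_DETECTION_DISABLED: 'true'
include:
  - component: gitlab.com/gitlab-components/secret-detection@main
    inputs:
      image_tag: "5"
    rules:
      - if: $SECRET_DETECTION_DISABLED == "true" || $SECRET_DETECTION_DISABLED == "1"
        when: never
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_OLD)) or "no findings")
```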