Prepare secret-detection CI component for GA
Overview
This issue tracks all action items resulting from the validation of the newly created secret-detection CI component in this thread. The validation is part of dogfooding some CI components that were created by converting existing CI templates into components, as we work on compiling a catalog of CI components and prepare them for GA (General Audience).
Issues
SECRET_DETECTION_DISABLED
Using the following snippet to disable the `secret_detection` job as per the component's README does not work:
```yaml
include:
  - component: gitlab.com/gitlab-components/secret-detection@main
    rules:
      - if: $SECRET_DETECTION_DISABLED != "true"
```
Instead, users of the component need to use `when: never` in addition to `include:rules` as follows:
```yaml
include:
  - component: gitlab.com/gitlab-components/secret-detection@main
    rules:
      - if: $SECRET_DETECTION_DISABLED == "true" || $SECRET_DETECTION_DISABLED == "1"
        when: never
```
And also define the variable in their `.gitlab-ci.yml` file:
```yaml
variables:
  SECRET_DETECTION_DISABLED: 'true'
```
SECURE_ANALYZERS_PREFIX, SECRET_DETECTION_IMAGE_SUFFIX, and SECRETS_ANALYZER_VERSION
These variables were removed in favour of the corresponding inputs, in line with the guidelines to replace variables with inputs when they are only used for YAML evaluation and not at runtime:
Variable | Corresponding Input |
---|---|
SECURE_ANALYZERS_PREFIX | image_prefix |
SECRET_DETECTION_IMAGE_SUFFIX | image_suffix |
SECRETS_ANALYZER_VERSION | image_tag |
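An added example, not part of the issue or of the component's own code: a small pre-merge check that flags a `.gitlab-ci.yml` which includes the component but still sets the removed variables, or uses the rule form reported above as not working. The function name `check_ci_config`, the sample config and its values (registry host, version "4") are constructed for illustration.

```python
import re

# Variable -> input mapping taken from the table above.
REMOVED_VARIABLES = {
    "SECURE_ANALYZERS_PREFIX": "image_prefix",
    "SECRET_DETECTION_IMAGE_SUFFIX": "image_suffix",
    "SECRETS_ANALYZER_VERSION": "image_tag",
}
COMPONENT = "gitlab-components/secret-detection"

# Constructed sample: a config carried over from the template without changes.
SAMPLE_CI = """\
include:
  - component: gitlab.com/gitlab-components/secret-detection@main
    rules:
      - if: $SECRET_DETECTION_DISABLED != "true"
variables:
  SECRETS_ANALYZER_VERSION: "4"
  SECURE_ANALYZERS_PREFIX: "registry.example.com/security-products"
"""


def check_ci_config(text):
    """Return (line_number, message) findings for a .gitlab-ci.yml given as text.

    Line-based scan, not a YAML parser: it looks at keys and rule strings only.
    """
    if COMPONENT not in text:
        return []  # component not included, nothing to check
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        # A removed variable defined as a YAML key, e.g. under `variables:`.
        match = re.match(r"([A-Z_]+)\s*:", stripped)
        if match and match.group(1) in REMOVED_VARIABLES:
            name = match.group(1)
            findings.append(
                (number, f"{name} was removed; set input {REMOVED_VARIABLES[name]} instead"))
        # The rule form the issue reports as not working.
        if re.search(r"if:\s*\$SECRET_DETECTION_DISABLED\s*!=", stripped):
            findings.append((number, "use an == rule with when: never to disable the job"))
    return findings


if __name__ == "__main__":
    for number, message in check_ci_config(SAMPLE_CI):
        print(f"line {number}: {message}")
```

A stale `SECRETS_ANALYZER_VERSION` or `SECURE_ANALYZERS_PREFIX` is worth catching because a project that relied on it to pin or redirect the analyzer image would otherwise run whatever the component's input defaults resolve to.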
Action Items
- Update the component's README to show how to properly use `SECRET_DETECTION_DISABLED`.
  - Note: Done via gitlab-components/secret-detection!2 (merged).
- Update documentation to ensure:
  - Users are aware of variables replaced with inputs and when to use which.
  - Users are aware of how to use `SECRET_DETECTION_DISABLED` as shown in the component's README.
- Review this comment and consider setting `allow_failure` to `false` for `secret_detection` job:
  - Keeping `allow_failure: true` to not divert so much from the template for now.
- Keeping