Use security policy job name index pattern for custom yaml
CI jobs defined via the custom YAML feature should use the security policy index pattern. For example, when a job named `run tests` is defined both in the project's `.gitlab-ci.yaml` and in a security policy, the policy job should run under `run tests-0` in the resulting pipeline.
Jobs should be executed in a way that is visible to users within the pipeline and that will not allow project jobs to override the SEP jobs. In scan execution policies today, we utilize the index pattern (`-0`, `-1`, `-2`, ...) to increment the name of the job if a job of the same name exists. This also gives some minor indication of which jobs are executed by a security policy. For custom YAML jobs, the same pattern should be utilized.
In case of a conflict, another `-{{index}}` will be added to the job name. For example, if a project CI defines a job named `job-0` and the security policy contains a job called `job`, the policy job would be renamed to `job-0`, which is already taken. The merging strategy will add another `-0` to the job name, resulting in `job-0-0`.
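The naming rule above, sketched as an added Ruby example (not GitLab's implementation). The helper names `policy_job_name` and `merge_policy_jobs`, the `index` parameter and the sample job definitions are assumptions made for illustration.

```ruby
# Added illustration; not GitLab's implementation.
# Assumption: `index` is the suffix number given to the policy job
# (0 in the examples above).
def policy_job_name(name, index, taken)
  candidate = "#{name}-#{index}"
  # On a conflict, append another -{{index}} until the name is free.
  candidate = "#{candidate}-#{index}" while taken.include?(candidate)
  candidate
end

# Merge policy jobs into the project's jobs. Every policy job gets a suffixed
# name that no project job holds, so neither side can replace the other and
# both stay visible in the resulting pipeline.
def merge_policy_jobs(project_jobs, policy_jobs, index = 0)
  merged = project_jobs.dup
  policy_jobs.each do |name, definition|
    merged[policy_job_name(name, index, merged.keys)] = definition
  end
  merged
end

# Constructed sample input covering both cases described above.
PROJECT_JOBS = {
  "run tests" => { "script" => ["echo project tests"] },
  "job-0"     => { "script" => ["echo project job"] }
}.freeze
POLICY_JOBS = {
  "run tests" => { "script" => ["echo policy tests"] },
  "job"       => { "script" => ["echo policy job"] }
}.freeze

MERGED = merge_policy_jobs(PROJECT_JOBS, POLICY_JOBS)
MERGED.each { |name, job| puts "#{name}: #{job['script'].first}" }
```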