Create shared offline set up script for dependency scanning test projects
Why are we doing this work
Our test projects are used to catch bugs for a variety of features such as Container Scanning, Dependency Scanning,
SAST, and many more. Most, if not all, of our features support offline analysis, and as a result the test project pipelines
also emulate an offline environment to ensure that analysis works offline. Unfortunately, issues have been
discovered in the offline environment set up process which are silently failing.
Fixing this issue has been a tedious task due to the decentralized nature of the implementation. Since every test project
holds an individual copy of the offline set-up process, changes need to be propagated manually across each one. A manual
process like this one is error-prone, and slow to complete. Therefore, we should migrate the projects to use a tested script
from the ci-templates project instead.
Relevant links
- Relates to Secure Test Projects - iptables silently failin... (#389449 - closed)
- Relates to Create automated jobs for continual testing of ... (#212586 - closed)
Non-functional requirements
- Documentation: -
- Feature flag: -
- Performance: -
- Testing: Test both default and FIPS images.
Implementation plan
- Copy the offline script in the java-maven offline branch to the ci-templates project.
- Update the offline-FREEZE branches of the test projects so that they download the script instead of using an inline YAML version.
Verification steps
- The pipelines should run successfully on both default and FIPS images when testing dependency scanning offline.
  - For FIPS mode, the ubi8-minimal images require an older version of the iptables package for it to work on our runners. The iptables issue was discussed and fixed in gitlab-org/security-products/tests/scala-sbt!79 (comment 1488076828).
- The nightly runs for the secure-test-project-orchestrator should run without issues. Note that this might not be possible if #389449 (comment 1513705132) is still impacting the script.