Upgrade secure analyzer projects to report v6.0.0 and integration-test v2

Proposal

Now that "Bump security report schema revision version" (gitlab-org/security-products/analyzers/report!117, merged, by Shao Ming Tan) has been merged and report v6.0.0 has been released, we need to:

  1. Bump the report package to v6.0.0 and the command package to v4.0.0 in all of our analyzer projects.
  2. Regenerate all the expectations in our analyzer projects, because the schema version value has changed from 15.1.4 to 15.2.2.

We can leverage "Add ability for image integration test to regen..." (#407122, closed, Adam Cohen, 18.3) to easily address item 2.

Implementation Plan

  1. Migrate the following projects to integration-test v2 and bump the report package to v6:

    Migration Steps:

    1. Update image reference in the integration-test to point to the integration-test:2 image:

       integration-test:
         image:
      -    name: registry.gitlab.com/gitlab-org/security-products/analyzers/integration-test:stable
      +    name: registry.gitlab.com/gitlab-org/security-products/analyzers/integration-test:2
         services:
           - docker:27-dind
         variables:
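       Review bot: `integration-test:2` is a floating tag just like the `stable` it replaces, so this job will pick up every future 2.x release of the image without any change in the analyzer repo; that matches the intent of tracking integration-test v2, but the migration step should say so, so that spec breakage after an image update is recognised as an image change rather than an analyzer regression.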
    2. Replace all occurrences of recorded_report with expectation_path in spec/<project>_image_spec.rb:

      +    let(:report_name) { 'gl-sast-report.json'}
      
           context 'with ansible' do
             let(:project) { 'ansible' }
      
             context 'by default' do
      +        let(:expectation_path) { File.join(expectations_dir, project, 'default', report_name) }
               it_behaves_like 'successful scan'
      
               describe 'created report' do
                 it_behaves_like 'non-empty report'
      -
      -          it_behaves_like 'recorded report' do
      -            let(:recorded_report) { sorted_report(parse_expected_report('ansible/default')) }
      -          end
      -
      +          it_behaves_like 'recorded report'
                 it_behaves_like 'valid report'
               end
             end
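       Review bot: `expectation_path` references `expectations_dir`, which is not defined anywhere in this hunk; confirm that the integration-test v2 shared examples provide it, otherwise the spec needs its own `let(:expectations_dir)`. Style nit on the added `let(:report_name) { 'gl-sast-report.json'}`: missing space before the closing brace, i.e. `let(:report_name) { 'gl-sast-report.json' }`. Since `report_name` is hard-coded here, the step should also say that analyzers whose report is not `gl-sast-report.json` must substitute their own file name.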
    3. Remove the parse_expected_report function from all specs.

  2. Regenerate all the expectations:

    # Run the integration-test v2 image against the analyzer image under test
    # (TMP_IMAGE). REFRESH_EXPECTED=true rewrites the expectation files instead
    # of comparing against them; the Docker socket mount lets the spec start the
    # analyzer container.
    docker run -it --rm -v "$PWD:$PWD" -w "$PWD" \
      -e TMP_IMAGE=<project-image> \
      -e REFRESH_EXPECTED=true \
      -v /var/run/docker.sock:/var/run/docker.sock \
      registry.gitlab.com/gitlab-org/security-products/analyzers/integration-test:2 rspec spec/<project>_image_spec.rb
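A post-regeneration check for step 2, added here as an example and not part of this issue or of the analyzer projects: it walks an expectations directory (layout assumed from the `expectation_path` in the spec hunk, `<expectations_dir>/<project>/<context>/<report_name>`; the directory name and the `gl-*-report.json` glob are assumptions) and lists every expectation file whose schema `version` is not 15.2.2, i.e. files the regen run missed or that failed to parse.

```python
import json
import tempfile
from pathlib import Path

# Assumed layout, taken from the spec hunk: <expectations_dir>/<project>/<context>/<report_name>.
# The expectations directory name and this glob are assumptions; the issue does not state them.
REPORT_GLOB = "gl-*-report.json"
NEW_SCHEMA_VERSION = "15.2.2"  # schema version written by report v6.0.0 (from the issue)
OLD_SCHEMA_VERSION = "15.1.4"  # schema version the pre-upgrade expectations carry


def find_stale_expectations(expectations_dir, expected=NEW_SCHEMA_VERSION):
    """Return sorted relative paths of expectation reports whose top-level
    "version" is missing, unreadable, or different from `expected`."""
    stale = []
    for path in sorted(Path(expectations_dir).rglob(REPORT_GLOB)):
        try:
            version = json.loads(path.read_text()).get("version")
        except (json.JSONDecodeError, OSError):
            version = None  # an unreadable expectation is stale as well
        if version != expected:
            stale.append(str(path.relative_to(expectations_dir)))
    return stale


def build_sample_tree(root=None):
    """Constructed sample tree: one regenerated and one stale expectation.
    Creates a temporary directory when no root is given; returns the root."""
    root = root or tempfile.mkdtemp()
    reports = {
        "ansible/default/gl-sast-report.json": NEW_SCHEMA_VERSION,
        "ansible/custom-ruleset/gl-sast-report.json": OLD_SCHEMA_VERSION,
    }
    for rel, version in reports.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(json.dumps({"version": version, "vulnerabilities": []}))
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    # -> ['ansible/custom-ruleset/gl-sast-report.json']
    print(find_stale_expectations(sample_root))
```

Point it at the real expectations directory after running the `docker run` above; an empty list means every expectation was regenerated against the v6.0.0 schema.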
Edited by Adam Cohen