Update DS CI template to use a single rules:exists glob
What does this MR do and why?
All Dependency Scanning(DS) analyzer jobs ie gemnasium, gemnasium-maven, gemnasium-sbt, are being triggered for users with large projects even if the analyzer is irrelevant to the project. See this comment for full context.
This is because DS uses rules:exists which has a 10k limit check. The 10k checks are counted by the glob path patterns times the number of files in the repo. For projects with many files, the job is triggered if the 10k limit is exceeded.
As each DS job is configured to match multiple glob path patterns in the rules:exists array, this reduces the upper limit of project file size before all jobs are triggered:
-
gemnasiumhas 10glob path patternswhich meansproject file size upper limit before job runsis999 -
gemnasium-mavenhas 4glob path patternswhich meansproject file size upper limit before job runsis2499 -
gemnasium-pythonhas 7glob path patternswhich meansproject file size upper limit before job runsis1428
This MR as proposed by @bwill in this comment combines the multiple glob path patterns into a single glob path pattern which significantly increases the upper limit of project file size before all DS jobs are triggered.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
Validation of template change
- I previously created a maven project
- The pipeline that uses the existing DS ci-template starts both the
gemnasiumandgemnasium-mavenjob - I started another pipeline with the DS ci-template from this MR and only the
gemnasium-mavenjob is started.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Create a project