Skip unchanged renamed files in secrets check
What does this MR do and why?
This MR addresses two issues:
Unchanged renamed files cause subsequent files not to be scanned
This MR addresses a bug in SPP when the FF secret_detection_transition_to_raw_info_gitaly_endpoint is disabled (which is currently the default).
Addresses 500 caused by renamed files when secret_detection_transition_to_raw_info_gitaly_endpoint is enabled
This MR also updates the Gitaly::ChangedPaths params to include old_path when the file is being renamed, which is the first step in addressing the issues resulting from https://app.incident.io/gitlab/incidents/3541.
This change does address the root cause of the problem, but I will be adding further testing and will include this suggestion before turning the feature flag on.
References
- SPP - Switch to using raw_info in DiffBlobs RPC... (#554662) • Craig Smith • Backlog • At risk
- SPP does not block push when commit includes a ... (#567269 - closed) • Craig Smith • 18.6
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Craig Smith