Secret detection no run on tag
What does this MR do?
This MR prevents the secret_detection
job from being run on pipelines when $CI_COMMIT_TAG
. When $CI_COMMIT_TAG
is set, it is used as $CI_COMMIT_REF_NAME
as well which causes the line that produces a list of commits with git log
to fail.
related issue: #263711 (closed)
Screenshots (strongly suggested)
Pipeline where $CI_COMMIT_TAG
and $CI_COMMIT_BRANCH
are both set
https://gitlab.com/zrice/secrets/-/pipelines/238792278
Pipeline where $CI_COMMIT_BRANCH
is set but $CI_COMMIT_TAG
is not (this is the default behavior), just demonstrating this works as intended.
https://gitlab.com/zrice/secrets/-/pipelines/238794291
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team