Update Secret Detection template
What does this MR do and why?
This issue should fix the following issues:
In order to prep the Secret Detection job's git environment, we need to use some Predefined Environment Variables and enable merge request pipelines so that the job has access to Merge Request Environment Variables.
The two important env vars we need are CI_COMMIT_BEFORE_SHA and CI_MERGE_REQUEST_TARGET_BRANCH_NAME.
-
CI_COMMIT_BEFORE_SHAis used for push events and give us the ancestor commit we should use withCI_COMMIT_SHAin thegit log ${CI_COMMIT_BEFORE_SHA}..${CI_COMMIT_SHA}command. -
CI_MERGE_REQUEST_TARGET_BRANCH_NAMEis used for merge requests which allows us to determine the range of commits for an MR. Before we were incorrectly usingCI_DEFAULT_REF, which in some cases would give incorrect results depending on the git development process (usingmainand the default branch anddevelopas the development branch that all story/feature branches get merged into).
Screenshots or screen recordings
- MR event example: https://gitlab.com/gitlab-org/security-products/tests/secrets/-/jobs/2064659355
- Push event example: https://gitlab.com/gitlab-org/security-products/tests/secrets/-/jobs/2150608987
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Merge request reports
Activity
changed milestone to %14.8
assigned to @zrice
added typefeature label
- A deleted user
added citemplates label
2 Warnings 
featureaddition and featureenhancement merge requests normally have a documentation change. Consider adding a documentation update or confirming the documentation plan with the Technical Writer counterpart.
For more information, see:
- The Handbook page on merge request types.
- The definition of done documentation.
You've made some app changes, but didn't add any tests.
That's OK as long as you're refactoring existing code,
but please consider adding any of the ~"type::tooling", ~"tooling::pipelines", ~"tooling::workflow", documentation, QA labels.1 Message 
This merge request adds or changes files that require a review from the CI/CD Templates maintainers. This merge request requires a CI/CD Template review. To make sure these changes are reviewed, take the following steps:
- Ensure the merge request has the citemplates label. If the merge request modifies CI/CD Template files, Danger will do this for you.
- Prepare your MR for a CI/CD Template review according to the template development guide.
- Assign and
@mention the CI/CD Template reviewer suggested by Reviewer Roulette.
The following files require a review from the CI/CD Templates maintainers:
lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml
Reviewer roulette
Changes that require review have been detected!
Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:
Category Reviewer Maintainer citemplates Hordur Freyr Yngvason ( @hfyngvason) (UTC-5, 1 hour ahead of@zrice)Matija Čupić ( @matteeyah) (UTC+1, 7 hours ahead of@zrice)To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.
To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.
Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.
Generated by
@matteeyah this pipeline passes no problem. WDYT about moving forward with this MR instead?
requested review from @matteeyah
Setting label(s) devopssecure based on groupstatic analysis.
added devopssecure label
-
@matteeyah, thanks for approving this merge request.This is the first time the merge request is approved. To ensure full test coverage, a new pipeline has been started.
For more info, please refer to the following links:
Looks good on the citemplates side of things, thanks Zach.
To explain further why I wanted to change the rules updates from the script updates - In case there's a problem with one of them and we need to revert this, we'll have to revert both changes instead of compartmentalizing and reverting just one (which is more work for the author).
removed review request for @matteeyah
- Resolved by Marcel Amirault
@vij would you mind giving this a backend review? For more discussion you can see a previously open MR with these changes: !79985 (closed)
Edited by Zach Rice - Last reply by Matija Čupić
requested review from @vij
mentioned in merge request !79985 (closed)
mentioned in issue #351693 (closed)
mentioned in issue #352565 (closed)
requested review from @marcel.amirault and removed review request for @vij
mentioned in issue #350660 (closed)
removed review request for @marcel.amirault
mentioned in issue biomedit/portal#539 (closed)
mentioned in issue #254199 (closed)
mentioned in issue #350573 (closed)
changed milestone to %14.9
added missed:14.8 label
requested review from @marcel.amirault
removed review request for @marcel.amirault
requested review from @marcel.amirault
removed review request for @marcel.amirault
requested review from @marcel.amirault
requested review from @matteeyah and removed review request for @marcel.amirault
removed review request for @matteeyah
added 1 commit
- ebc2e2dd - Consistent newlines, re-enable failure on exit
requested review from @marcel.amirault, @theoretick, and @matteeyah
removed review request for @theoretick
removed review request for @marcel.amirault
removed review request for @matteeyah
requested review from @marcel.amirault
mentioned in merge request !81847 (merged)
mentioned in issue #354078
-
@zrice Thank you so much for all the hard work and sticking through with it! (also, thanks for your patience with my reviews, takes me a bit longer than the engineers that think code all day every day
enabled an automatic merge when the pipeline for b66f7e9a succeeds
mentioned in commit 46fa0357
mentioned in merge request !80435 (merged)
added workflowstaging-canary label
added workflowstaging label and removed workflowstaging-canary label
added workflowcanary label and removed workflowstaging label
mentioned in merge request !72689 (closed)
added workflowproduction label and removed workflowcanary label
mentioned in issue #351976 (closed)
added releasedcandidate label
added releasedpublished label and removed releasedcandidate label
mentioned in issue #356093 (closed)
mentioned in merge request kubitus-project/kubitus-installer!797 (merged)
mentioned in commit vishwin/freebsd-ports@c617954a
mentioned in issue #357453 (closed)
mentioned in merge request gitlab-com/www-gitlab-com!113192 (merged)
