### Overview We want to run the Code Climate scan on gitlab.com shared runners without requiring docker-in-docker. There are several reasons that we want to run the codequality job without using DinD. These include: * For security reasons, customers on self-hosted instances or on dot com with their own runners may disable the privileged option on their runners * The code quality job startup time can be slow, when using DinD (https://gitlab.com/gitlab-org/gitlab/-/issues/233001) * (Potentially) The code quality job is difficult to configure for runners that are spun up in Kubernetes (https://gitlab.com/gitlab-org/gitlab/-/issues/29976#note_421638881) * Users who use Kubernetes runners may no longer have access to Docker-in-Docker due to the Kubernetes community's move toward CRI-O and containerd. For example, Amazon EKS [no longer supports Docker in Kubernetes v1.22 and above](https://aws.amazon.com/blogs/containers/amazon-eks-1-21-released/). ### Intended users * [Delaney (Development Team Lead)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#delaney-development-team-lead) * [Sasha (Software Developer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sasha-software-developer) * [Devon (DevOps Engineer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#devon-devops-engineer) * [Sidney (Systems Administrator)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#sidney-systems-administrator) * [Priyanka (Platform Engineer)](https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/#priyanka-platform-engineer) ### User experience goal The default code quality template should be widely usable in more situations than it is now, including where: * Running a privileged runner is undesirable * Speed of pipeline is important * Runners are spun up in Kubernetes ### Proposal The SAST job has previously been through this conversion (https://gitlab.com/gitlab-org/gitlab/-/issues/10796), we may be able to leverage the work that was done there in order to convert the codequality job. However, we may not be able to, since the code climate scan is distributed as an image as mentioned [here](https://gitlab.com/gitlab-org/gitlab/-/issues/9784#note_365705689). Some number of gitlab.com runners should be setup to run code quality jobs without utilizing DinD. ### Documentation CodeQuality documentation would need to be revised to remove mentions of DinD workflow. <!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/workflow.html#for-a-product-change * Add all known Documentation Requirements in this section. See https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements * If this feature requires changing permissions, update the permissions document. See https://docs.gitlab.com/ee/user/permissions.html --> ### Availability & Testing <!-- This section needs to be retained and filled in during the workflow planning breakdown phase of this feature proposal, if not earlier. What risks does this change pose to our availability? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing? Please list the test areas (unit, integration and end-to-end) that needs to be added or updated to ensure that this feature will work as intended. Please use the list below as guidance. * Unit test changes * Integration test changes * End-to-end test change See the test engineering planning process and reach out to your counterpart Software Engineer in Test for assistance: https://about.gitlab.com/handbook/engineering/quality/test-engineering/#test-planning --> ### What does success look like, and how can we measure that? <!-- Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this. Create tracking issue using the the Snowplow event tracking template. See https://gitlab.com/gitlab-org/gitlab/-/blob/master/.gitlab/issue_templates/Snowplow%20event%20tracking.md --> ### What is the type of buyer? <!-- What is the buyer persona for this feature? See https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/buyer-persona/ In which enterprise tier should this feature go? See https://about.gitlab.com/handbook/product/pricing/#four-tiers --> ### Is this a cross-stage feature? <!-- Communicate if this change will affect multiple Stage Groups or product areas. We recommend always start with the assumption that a feature request will have an impact into another Group. Loop in the most relevant PM and Product Designer from that Group to provide strategic support to help align the Group's broader plan and vision, as well as to avoid UX and technical debt. https://about.gitlab.com/handbook/product/#cross-stage-features --> ### Links / references ### Original <details> ### Problem to solve For security reason, my company disabled the privileged option (https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-runnersdocker-section). Cound you please add a way to run codequality and ~~sast~~ without using docker in docker (and without private runner). ### Links / references DinD requirement for SAST was removed with completion of #10796 </details>