Breaking Change 13.0: Transition security scanning CI templates from only/except to rules syntax
What
Per gitlab-com/Product#1127 (comment 334238077), this issue captures the rollout of a breaking change to our vendored CI templates in %13.0.
Discussion for these changes is captured in gitlab-org&2300 (closed).
Breaking Change
By transitioning vendored templates from the deprecated only and except syntax to rules, any customer who is overriding the default template conditions with custom only/except logic will experience a pipeline failure.
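The override pattern described above, shown beside its rules equivalent. This is an added example, not configuration from this issue or from GitLab's templates; the job name container_scanning, the branch name and the SKIP_SCANS variable are assumptions made for illustration.

```yaml
# Constructed example, not taken from the issue or from GitLab's templates.
# Assumed: the job name `container_scanning` and the variable SKIP_SCANS.

# --- Before: project .gitlab-ci.yml that overrides the template's conditions ---
include:
  - template: Container-Scanning.gitlab-ci.yml

container_scanning:
  only:
    refs:
      - master
  except:
    variables:
      - $SKIP_SCANS == "true"
# Once the included template defines `rules` for this job, the merged job
# carries both `rules` and `only`/`except`, and the pipeline fails as invalid.

---
# --- After: the same conditions expressed with rules ---
include:
  - template: Container-Scanning.gitlab-ci.yml

container_scanning:
  rules:
    # First match wins, so the exclusion goes before the inclusion.
    - if: '$SKIP_SCANS == "true"'
      when: never
    - if: '$CI_COMMIT_BRANCH == "master"'
    # A project-level `rules` list replaces the template's list entirely;
    # re-state here any template condition that should still apply.
```

After migrating an override, confirm that the scan job still appears in pipelines for the branches you expect, since a rules list that never matches silently drops the job.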
Potential Impact to GitLab.com
Certain customer pipelines begin to report invalid syntax errors and require manual updates to the new rules syntax.
All ~"devops::secure" templates are currently limited to GitLab Ultimate customers; however, ~"devops::configure" is also transitioning with gitlab-org/gitlab#213336 (closed), which will affect GitLab Core users as well.
- Usage indicators for Secure jobs, however this would only be the subset of users who are using custom only/except configuration on top of those metrics.
- Usage indicators for ADO, however this would only be the subset of users who are using custom only/except configuration on top of those metrics.
Communication
- Deprecation was previously announced via deprecation blogpost
- Stable counterparts were notified of upcoming breaking changes
Relevant Merge Requests
- Epic: Transition to rules syntax for Secure's vendored templates
- Update Container-Scanning.gitlab-ci.yml: gitlab-org/gitlab!30775 (merged)
- Update DAST.gitlab-ci.yml: gitlab-org/gitlab!30776 (merged)
- Update Dependency-Scanning.gitlab-ci.yml: gitlab-org/gitlab!30907 (merged)
- Update License-Scanning.gitlab-ci.yml: gitlab-org/gitlab!30784 (merged)
- Update SAST.gitlab-ci.yml: gitlab-org/gitlab!31127 (merged)
Edited by Taylor McCaslin