Implement new versioning
What does this MR do?
It updates the CI configuration to generate the Docker images for all supported versions of GitLab in a single pipeline. This means that SAST 10.8 to 11.5 are now based on the same sast:1 image.
A new env variable SAST_DEFAULT_ANALYZERS has been introduced and turned into a Docker build argument in order to enable the analyzers depending on the tag of the Docker image that's built. The analyzers enabled in one particular image (thus in one particular version of GitLab) are consistent with the changelog.

The -stable images are built after building the sast:1 image they derive from.
This strategy may be a performance boost, but the motivation is different. Here's the problem: if SAST_DEFAULT_ANALYZERS is defined as a build argument and exported as an environment variable, then it defaults to an empty string and can't be undefined. Since we want all the official analyzers to be enabled in sast:1 (or consecutive major versions), we would have to explicitly set this build arg; otherwise there would be no official analyzer when running the command. In the end it's just easier to introduce SAST_DEFAULT_ANALYZERS in a second step, when building the -stable images. This way the env var is unset in the main sast:1 image, so all the analyzers are enabled.
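The unset-versus-empty distinction above is the whole point of the two-step build. The following shell script is an added example (not the SAST project's own code) that mirrors that logic: the list of official analyzers is assumed for illustration, and the two wrapper functions simulate what the variable looks like inside an image built with a forwarded build arg versus inside the base image where it was never defined.

```shell
#!/bin/sh
# Added example, not code from the SAST project. Shows why SAST_DEFAULT_ANALYZERS
# must stay unset (not merely empty) in the sast:1 image.
# The analyzer list is assumed for illustration only.
OFFICIAL_ANALYZERS="bandit brakeman gosec spotbugs flawfinder phpcs-security-audit security-code-scan nodejs-scan"

# Returns the analyzers to run, following the semantics described in the MR:
# unset -> every official analyzer; set (even to "") -> exactly the given list.
# ${VAR+x} expands to "x" only when VAR is set, which is what lets us tell
# "set to empty" apart from "unset"; ${VAR:-default} would conflate the two.
resolve_analyzers() {
    if [ -z "${SAST_DEFAULT_ANALYZERS+x}" ]; then
        printf '%s\n' "$OFFICIAL_ANALYZERS"
    else
        printf '%s\n' "$SAST_DEFAULT_ANALYZERS"
    fi
}

# Simulates `docker build --build-arg SAST_DEFAULT_ANALYZERS=...` followed by
# `ENV SAST_DEFAULT_ANALYZERS=$SAST_DEFAULT_ANALYZERS` in a Dockerfile: once the
# ARG is forwarded into ENV the variable exists in every later layer, so
# omitting --build-arg yields an empty string, never an unset variable.
# $1: the value passed via --build-arg ("" when the flag was omitted).
analyzers_after_build_arg() {
    ( SAST_DEFAULT_ANALYZERS="$1"; resolve_analyzers )
}

# Simulates the two-step strategy: the base sast:1 image never declares the
# ENV at all, so the variable is unset and all official analyzers run.
analyzers_in_base_image() {
    ( unset SAST_DEFAULT_ANALYZERS; resolve_analyzers )
}
```

Calling analyzers_after_build_arg "" reproduces the failure mode from the description (an empty analyzer list), while analyzers_in_base_image returns the full list; only the -stable images, which pass a real value through the build arg, get a restricted list.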
The build stage generates images with these tags:
- if git tag, with tag matching the git tag (without leading v)
- if git tag, with tag matching the MAJOR of sast/common version (manual job)
- if master, with edge tag
- if branch, with tag matching branch name
If the manual build major job is triggered and succeeds, then the pipeline moves on to the deploy stages and generates x-y-stable images. These images are based on the image tagged with the MAJOR version. The deploy stage also creates the latest image.
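As an added illustration of the tagging rules listed above (this is example code, not the project's CI configuration), the functions below derive the build-stage tags from the CI_COMMIT_TAG and CI_COMMIT_REF_NAME variables GitLab CI exposes, and compute the stable tag and its base image for the deploy stage. The image name sast and the version strings are assumed for the example.

```shell
#!/bin/sh
# Added example, not the project's .gitlab-ci.yml: derives the image tags
# described in the MR from the variables GitLab CI exposes to a job.
#   $1 = CI_COMMIT_TAG      (empty unless the pipeline runs for a git tag)
#   $2 = CI_COMMIT_REF_NAME (branch or tag name)
# Prints the tags produced by the build stage, space-separated.
build_tags() {
    git_tag="$1"
    ref_name="$2"
    if [ -n "$git_tag" ]; then
        version="${git_tag#v}"     # strip the leading "v": v1.2.3 -> 1.2.3
        major="${version%%.*}"     # MAJOR of the sast/common version: 1
        # the MAJOR tag is what the manual job pushes
        printf '%s %s\n' "$version" "$major"
    elif [ "$ref_name" = "master" ]; then
        printf 'edge\n'
    else
        # Caveat not stated in the MR: a branch name containing "/" is not a
        # valid Docker tag; CI_COMMIT_REF_SLUG is the usual substitute.
        printf '%s\n' "$ref_name"
    fi
}

# Deploy stage: the X-Y-stable tag for a GitLab release ($1 = "11.5").
stable_tag() {
    printf '%s-stable\n' "$(printf '%s' "$1" | tr '.' '-')"
}

# The image a stable image is built FROM: the one tagged with the MAJOR of
# sast/common ($1 = "1"). The "sast" image name is assumed for illustration.
stable_base_image() {
    printf 'sast:%s\n' "$1"
}
```

In a job the call would be build_tags "$CI_COMMIT_TAG" "$CI_COMMIT_REF_NAME"; for a tag pipeline on v1.2.3 it yields both the 1.2.3 and the 1 tags, and stable_base_image 1 is the image the 11-5-stable build derives from.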
Why was this MR needed?
To ease the release process and generate the various Docker images of SAST more efficiently.
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated
- Tests added for this feature/bug