
Implement new versioning

Fabien Catteau requested to merge ee-7139-new-versioning into master

What does this MR do?

It updates the CI configuration to generate all the Docker images for all supported versions of GitLab in a single pipeline. This means that SAST 10.8 to 11.5 are now based on the same sast:1 image.

A new env variable SAST_DEFAULT_ANALYZERS has been introduced and turned into a Docker build argument in order to enable the analyzers depending on the tag of the Docker image that's built. The analyzers enabled in one particular image (thus in one particular version of GitLab) are consistent with the changelog.

The -stable images are built after building the sast:1 image they derive from. This strategy may be a performance boost but the motivation is different. Here's the problem: if SAST_DEFAULT_ANALYZERS is defined as a build argument and exported as an environment variable then it defaults to an empty string but can't be undefined. Since we want all the official analyzers to be enabled in sast:1 (or consecutive major versions), we would have to explicitly set this build arg, otherwise there would be no official analyzer when running the command. In the end it's just easier to introduce SAST_DEFAULT_ANALYZERS in a second step when building the -stable images. This way the env var is unset in the main sast:1 image, so all the analyzers are enabled.

The build stage generates images with these tags:

  • if git tag, with tag matching the git tag (without leading v)
  • if git tag, with tag matching the MAJOR of sast/common version (manual job)
  • if master, with edge tag
  • if branch, with tag matching branch name

If the manual build major is triggered and succeeds, then it will move to the deploy stages and generate x-y-stable images. These images are based on the image tagged with the MAJOR version.

The deploy stage also creates the latest image.

Why was this MR needed?

To ease the release process and generate the various Docker images of SAST more efficiently.

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

https://gitlab.com/gitlab-org/gitlab-ee/issues/7139

Edited by Fabien Catteau
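
The unset-versus-empty distinction the description relies on, as an added example that is not part of the merge request or the SAST code base. The function names and the analyzer names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: telling "unset" apart from "empty" for SAST_DEFAULT_ANALYZERS.
# A Dockerfile with `ARG X` followed by `ENV X=$X` always defines X in the
# image; without --build-arg it is defined as the empty string, never unset.

# Hypothetical list of official analyzers (constructed placeholder names).
ALL_ANALYZERS="analyzer-a,analyzer-b,analyzer-c"

# Print the analyzers that would run as one comma-separated line.
#   unset -> every official analyzer (the sast:1 case)
#   empty -> nothing (ARG + ENV built without an explicit value)
#   a,b   -> exactly that list (the x-y-stable case)
select_analyzers() {
    # ${VAR+set} expands to "set" whenever VAR is defined, even if empty,
    # and to nothing when VAR is unset. It is also safe under `set -u`.
    if [ -z "${SAST_DEFAULT_ANALYZERS+set}" ]; then
        printf '%s\n' "$ALL_ANALYZERS"
    else
        printf '%s\n' "$SAST_DEFAULT_ANALYZERS"
    fi
}

# Return 0 if at least one analyzer is selected, 1 otherwise, so a job can
# stop instead of completing a scan in which no analyzer ran.
check_analyzers() {
    [ -n "$(select_analyzers)" ]
}
```

Running `check_analyzers` at the start of a scan job turns the empty-string case into a visible failure rather than an empty report.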
