Draft: Set default DS_REPORT_URL using WANT (XP)
Experiment
This is an experiment related to https://gitlab.com/gitlab-org/security-products/tests/ruby-bundler/-/jobs/1431818906, to explore how WANT
, DEPENDENCY_SCANNING_REPORT
and DS_REPORT_URL
can all be supported without increasing the complexity of QA scripts introduced in gitlab-org/security-products/analyzers/integration-test!2 (merged) and updated in gitlab-org/security-products/analyzers/integration-test!4 (merged).
Behavior
- When no CI variables are set when running the pipeline, it fetches the expected report from
qa/expect/$WANT
using theWANT
variable set in theqa-*-dependency_scanning
jobs. - When
DEPENDENCY_SCANNING_REPORT
is set with a specific filename, it fetches the expected report fromqa/expect/$DEPENDENCY_SCANNING_REPORT
, becauseWANT
defaults toDEPENDENCY_SCANNING_REPORT
. - When
DS_REPORT_URL
is set, it fetches the remote expected report.
Implementation
.qa-dependency_scanning:
variables:
DEPENDENCY_SCANNING_REPORT: gl-dependency-scanning-report.json
WANT: $DEPENDENCY_SCANNING_REPORT
DS_REPORT_URL: qa/expect/$WANT
Conclusion
We can update the DS QA template and update the .qa-dependency_scanning
job in a similar way, and revert the changes we did in gitlab-org/security-products/analyzers/integration-test!4 (merged).
Edited by Fabien Catteau