Draft: Set default DS_REPORT_URL using WANT (XP) (!1267) · Merge requests · GitLab.org / security-products / Tests / ruby-bundler

Fabien Catteau requested to merge fcatteau-bundler2-FREEZE-patch-46334 into bundler2-FREEZE Jul 17, 2021

Experiment

This is an experiment related to https://gitlab.com/gitlab-org/security-products/tests/ruby-bundler/-/jobs/1431818906, to explore how WANT, DEPENDENCY_SCANNING_REPORT and DS_REPORT_URL can all be supported without increasing the complexity of QA scripts introduced in gitlab-org/security-products/analyzers/integration-test!2 (merged) and updated in gitlab-org/security-products/analyzers/integration-test!4 (merged).

Behavior

When no CI variables are set when running the pipeline, it fetches the expected report from qa/expect/$WANT using the WANT variable set in the qa-*-dependency_scanning jobs.
When DEPENDENCY_SCANNING_REPORT is set with a specific filename, it fetches the expected report from qa/expect/$DEPENDENCY_SCANNING_REPORT, because WANT defaults to DEPENDENCY_SCANNING_REPORT.
When DS_REPORT_URL is set, it fetches the remote expected report.

Implementation

.qa-dependency_scanning:
  variables:
    DEPENDENCY_SCANNING_REPORT: gl-dependency-scanning-report.json
    WANT: $DEPENDENCY_SCANNING_REPORT
    DS_REPORT_URL: qa/expect/$WANT

Conclusion

We can update the DS QA template and update the .qa-dependency_scanning job in a similar way, and revert the changes we did in gitlab-org/security-products/analyzers/integration-test!4 (merged).

Edited Jul 17, 2021 by Fabien Catteau

Draft: Set default DS_REPORT_URL using WANT (XP)

Experiment

Behavior

Implementation

Conclusion

Merge request reports