Add explicit default rules: - when: always directive to ALL AppSec pipeline includes
Closed, Resolved, Public

Description

Given how GitLab seems to handle the merging of various rules: and only: directives within .gitlab-ci.yml files (see frustrations from MR28 and MR29), we should provide a default rules: - when: always directive within each AppSec pipeline include. It is also critical to (re)define the stages: - test directive, apparently, but this should be done within the calling .gitlab-ci.yml files IMO.

  • generic-osv (merged in MR28)
  • golang-go-mod-outdated (merged in MR28)
  • golang-gosec (merged in MR28)
  • npm-outdated (merged in MR28)
  • php-composer-outdated (merged in MR28)
  • php-phan-taint-check (merged in MR28)
  • php-security-checker (merged in MR28)
  • python-bandit (done in 010e8604)
  • semgrep (merged in MR28)
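
A check for the convention described above, added here as an example (it is not code from the templates repository): it flags jobs in an include file that lack an unconditional rules: - when: always entry or still use only:/except:, and confirms that a calling .gitlab-ci.yml declares the test stage. The job names, file name and sample YAML are constructed for illustration.

```ruby
require "yaml"

# Top-level GitLab CI keys that configure the pipeline rather than define a job.
GLOBAL_KEYS = %w[stages include variables default workflow image services
                 before_script after_script cache].freeze

# Map each job in an include file to a problem string when it lacks an
# unconditional `rules: - when: always` entry or still uses only:/except:.
def audit_include(yaml_text)
  problems = {}
  (YAML.safe_load(yaml_text) || {}).each do |name, body|
    # Skip global keys and hidden (dot-prefixed) template jobs.
    next if GLOBAL_KEYS.include?(name) || name.to_s.start_with?(".")
    next unless body.is_a?(Hash)
    if body.key?("only") || body.key?("except")
      problems[name] = "uses only:/except:"
    elsif Array(body["rules"]).none? { |r| r == { "when" => "always" } }
      problems[name] = "no default rules: - when: always"
    end
  end
  problems
end

# True when the calling .gitlab-ci.yml declares stages that include "test".
def declares_test_stage?(yaml_text)
  Array((YAML.safe_load(yaml_text) || {})["stages"]).include?("test")
end

# Constructed sample include file (hypothetical job names).
SAMPLE_INCLUDE = <<~EOS
  example-scan:
    stage: test
    script: ["echo scan"]
    rules:
      - when: always
  example-legacy-scan:
    stage: test
    script: ["echo scan"]
    only:
      - main
  example-no-rules:
    stage: test
    script: ["echo scan"]
EOS

# Constructed sample calling file (hypothetical include path).
SAMPLE_CALLER = "stages:\n  - test\ninclude:\n  - local: example-include.yml\n"

p audit_include(SAMPLE_INCLUDE)
p declares_test_stage?(SAMPLE_CALLER)
```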

Details

| Title | Reference | Author | Source Branch | Dest Branch |
|---|---|---|---|---|
| Add rules: - when: always as default to ALL include files | repos/security/gitlab-ci-security-templates!28 | sbassett | T352702-add-rules-when-always-to-all | main |

Event Timeline

sbassett changed the task status from Open to In Progress. (Dec 4 2023, 6:08 PM)
sbassett triaged this task as Medium priority.
sbassett moved this task from Incoming to In Progress on the Security-Team board.
sbassett moved this task from Backlog to In Progress on the user-sbassett board.
sbassett updated the task description.
sbassett updated the task description.
sbassett removed a project: Patch-For-Review.
sbassett updated the task description.
sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.
sbassett moved this task from In Progress to Done on the user-sbassett board.