Merge branch 'remove-unneeded-base-rules-from-secure-templates' into 'master'

Remove unnecessary `rules` references from base secure jobs See merge request gitlab-org/gitlab!47691

Merge branch 'remove-unneeded-base-rules-from-secure-templates' into 'master'
Remove unnecessary `rules` references from base secure jobs See merge request gitlab-org/gitlab!47691
0ce72a03 · Shinya Maeda · c3f7a9ee · 8f7d3fad · 0ce72a03 · 0ce72a03
Commit 0ce72a03 authored Nov 18, 2020 by Shinya Maeda
3 changed files
--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -28,11 +28,8 @@ dependency_scanning:
 .ds-analyzer:
  extends: dependency_scanning
  allow_failure: true
-  rules:
+  # `rules` must be overridden explicitly by each child job
-    - if: $DEPENDENCY_SCANNING_DISABLED
+  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
-      when: never
-    - if: $CI_COMMIT_BRANCH &&
-          $GITLAB_FEATURES =~ /\bdependency_scanning\b/
  script:
    - /analyzer run

--- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
@@ -30,10 +30,8 @@ sast:
 .sast-analyzer:
  extends: sast
  allow_failure: true
-  rules:
+  # `rules` must be overridden explicitly by each child job
-    - if: $SAST_DISABLED
+  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
-      when: never
-    - if: $CI_COMMIT_BRANCH
  script:
    - /analyzer run

--- a/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
@@ -14,6 +14,8 @@ variables:
  stage: test
  image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION"
  services: []
+  # `rules` must be overridden explicitly by each child job
+  # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
  artifacts:
    reports:
      secret_detection: gl-secret-detection-report.json