ci: Run package_hunter on MRs that updates yarn.lock

Signed-off-by: Rémy Coutable <remy@rymai.me>

ci: Run package_hunter on MRs that updates yarn.lock
Signed-off-by: Rémy Coutable <remy@rymai.me>
83303c0b · Rémy Coutable · 2af94e1f · 83303c0b · 83303c0b
Commit 83303c0b authored Apr 07, 2021 by Rémy Coutable
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

.gitlab/ci/reports.gitlab-ci.yml .gitlab/ci/reports.gitlab-ci.yml +2 -1

.gitlab/ci/rules.gitlab-ci.yml .gitlab/ci/rules.gitlab-ci.yml +6 -0

No files found.
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -143,12 +143,13 @@ dependency_scanning gemnasium-python:
 # See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter
 package_hunter:
  extends:
-    - .reports:rules:schedule-dast
+    - .reports:rules:package_hunter
  stage: test
  image:
    name: registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:latest
    entrypoint: [""]
  needs: []
+  allow_failure: true
  script:
    - rm -r spec locale .git app/assets/images doc/
    - cd .. && tar -I "gzip --best" -cf gitlab.tgz gitlab/

--- a/.gitlab/ci/rules.gitlab-ci.yml
+++ b/.gitlab/ci/rules.gitlab-ci.yml
@@ -995,6 +995,12 @@
    - <<: *if-default-branch-schedule-nightly
      allow_failure: true
+.reports:rules:package_hunter:
+  rules:
+    - <<: *if-default-branch-schedule-2-hourly
+    - <<: *if-merge-request
+      changes: ["yarn.lock"]
 .reports:rules:license_scanning:
  rules:
    - if: '$LICENSE_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/'