Commit 8f7d3fad authored by Lucas Charles's avatar Lucas Charles

Remove unnecessary `rules` references from base secure jobs

`rules` is always overridden explicitly by child jobs, leading to
confusion over the appropriate point to override.

By removing `rules` entirely it is more clear but we can further
improve this by linking to the issue discussing improvements to rule
extendability.

Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/218444
parent 10e7586d
...@@ -28,11 +28,8 @@ dependency_scanning: ...@@ -28,11 +28,8 @@ dependency_scanning:
.ds-analyzer: .ds-analyzer:
extends: dependency_scanning extends: dependency_scanning
allow_failure: true allow_failure: true
rules: # `rules` must be overridden explicitly by each child job
- if: $DEPENDENCY_SCANNING_DISABLED # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
when: never
- if: $CI_COMMIT_BRANCH &&
$GITLAB_FEATURES =~ /\bdependency_scanning\b/
script: script:
- /analyzer run - /analyzer run
......
...@@ -30,10 +30,8 @@ sast: ...@@ -30,10 +30,8 @@ sast:
.sast-analyzer: .sast-analyzer:
extends: sast extends: sast
allow_failure: true allow_failure: true
rules: # `rules` must be overridden explicitly by each child job
- if: $SAST_DISABLED # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
when: never
- if: $CI_COMMIT_BRANCH
script: script:
- /analyzer run - /analyzer run
......
...@@ -14,6 +14,8 @@ variables: ...@@ -14,6 +14,8 @@ variables:
stage: test stage: test
image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION" image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION"
services: [] services: []
# `rules` must be overridden explicitly by each child job
# see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
artifacts: artifacts:
reports: reports:
secret_detection: gl-secret-detection-report.json secret_detection: gl-secret-detection-report.json
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment