Improve UX on Security Product-related jobs (among Auto DevOps)
Issue Status
- Dependency Scanning
- SAST
Problem to solve
In running or completed Security Product-related jobs (of Auto DevOps), the "Starting analyzer..." message is displayed before the analyzer image starts to be pulled (and therefore before the analyzer container starts to be created). This produces a long gap, typically dozens of seconds to minutes (for registry.gitlab.com).
Examples (with GitLab 12.7-pre)
$ docker run \ # collapsed multi-line command
Unable to find image 'registry.gitlab.com/gitlab-org/security-products/dependency-scanning:12-7-stable' locally
12-7-stable: Pulling from gitlab-org/security-products/dependency-scanning
c3456ce5f27a: Pulling fs layer
c3456ce5f27a: Verifying Checksum
c3456ce5f27a: Download complete
c3456ce5f27a: Pull complete
Digest: sha256:3f523755cf3a749509476621b35afbf6f0848156a57b3af83c3419a2cd164acb
Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/dependency-scanning:12-7-stable
2020/01/09 05:08:13 Copy project directory to containers
2020/01/09 05:08:13 [bundler-audit] Detect project using plugin
2020/01/09 05:08:13 [bundler-audit] Project not compatible
2020/01/09 05:08:13 [retire.js] Detect project using plugin
2020/01/09 05:08:13 [retire.js] Project not compatible
2020/01/09 05:08:13 [gemnasium] Detect project using plugin
2020/01/09 05:08:13 [gemnasium] Project not compatible
2020/01/09 05:08:13 [gemnasium-maven] Detect project using plugin
2020/01/09 05:08:13 [gemnasium-maven] Project is compatible
2020/01/09 05:08:13 [gemnasium-maven] Starting analyzer...
2: Pulling from gitlab-org/security-products/analyzers/gemnasium-maven
844c33c7e6ea: Pulling fs layer
ada5d61ae65d: Pulling fs layer
f8427fdf4292: Pulling fs layer
f025bafc4ab8: Pulling fs layer
67b8714e1225: Pulling fs layer
a78c0b398690: Pulling fs layer
db8414d1baad: Pulling fs layer
ff97c92debf4: Pulling fs layer
d0ddd788c6a9: Pulling fs layer
8dface509d5a: Pulling fs layer
ee8ec1fbb003: Pulling fs layer
784315ade454: Pulling fs layer
0e5a747df073: Pulling fs layer
d8ca705dac6e: Pulling fs layer
f025bafc4ab8: Waiting
67b8714e1225: Waiting
a78c0b398690: Waiting
db8414d1baad: Waiting
ff97c92debf4: Waiting
d0ddd788c6a9: Waiting
8dface509d5a: Waiting
ee8ec1fbb003: Waiting
784315ade454: Waiting
0e5a747df073: Waiting
d8ca705dac6e: Waiting
f8427fdf4292: Verifying Checksum
f8427fdf4292: Download complete
ada5d61ae65d: Verifying Checksum
ada5d61ae65d: Download complete
844c33c7e6ea: Verifying Checksum
844c33c7e6ea: Download complete
67b8714e1225: Verifying Checksum
67b8714e1225: Download complete
a78c0b398690: Verifying Checksum
a78c0b398690: Download complete
ff97c92debf4: Verifying Checksum
ff97c92debf4: Download complete
d0ddd788c6a9: Verifying Checksum
d0ddd788c6a9: Download complete
f025bafc4ab8: Verifying Checksum
f025bafc4ab8: Download complete
8dface509d5a: Verifying Checksum
8dface509d5a: Download complete
ee8ec1fbb003: Verifying Checksum
ee8ec1fbb003: Download complete
db8414d1baad: Verifying Checksum
db8414d1baad: Download complete
0e5a747df073: Verifying Checksum
0e5a747df073: Download complete
784315ade454: Verifying Checksum
784315ade454: Download complete
d8ca705dac6e: Verifying Checksum
d8ca705dac6e: Download complete
844c33c7e6ea: Pull complete
ada5d61ae65d: Pull complete
f8427fdf4292: Pull complete
f025bafc4ab8: Pull complete
67b8714e1225: Pull complete
a78c0b398690: Pull complete
db8414d1baad: Pull complete
ff97c92debf4: Pull complete
d0ddd788c6a9: Pull complete
8dface509d5a: Pull complete
ee8ec1fbb003: Pull complete
784315ade454: Pull complete
0e5a747df073: Pull complete
d8ca705dac6e: Pull complete
Digest: sha256:58de012d60d2c30412ab37797420e33ec25871338046da2e1dfe7bacfdc99728
Status: Downloaded newer image for registry.gitlab.com/gitlab-org/security-products/analyzers/gemnasium-maven:2
Found project in /tmp/app
From https://gitlab.com/gitlab-org/security-products/gemnasium-db
(from https://gitlab.com/tnir-pick-mr-test/OpenID-Connect-Java-Spring-Server/-/jobs/397652077)
Lines L127 through L196 of the CI job log linked above were output sequentially while the analyzer image was being pulled.
Proposal
To prevent this, the "Starting analyzer..." message will be displayed after the image pull has finished (that is, just before the container is created). Instead, an additional message, "Downloading analyzer", will be displayed when the image pull starts.