Create and register a new push check
Overview
To scan secrets on every push, we have to introduce a new push check. It should be invoked in EE::Gitlab::Checks::PushRuleCheck.
It is also necessary to have the check behind a feature flag, so we don't cause any disruption to our "hot path".
Please see parent epic for more details and considerations.
Implementation Plan
- Create a new push check class, e.g. SecretsCheck, see POC for reference.
- Update EE::Gitlab::Checks::PushRuleCheck to run the new check sequentially and in parallel.
- Create a new feature flag, see documentation for guidelines.
- Ensure the new push check is behind the feature flag.
Based on outcome of #427041 (closed):
- Ensure the push check is also behind the instance-level configuration.
Notes
- The push check doesn't have to do anything at this moment; it can be empty.
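The wiring the plan describes, as an added sketch that is not GitLab's code or the POC: an empty check behind a flag, registered so that both the sequential and the parallel path run it. FeatureFlags, ExistingRuleCheck, this PushRuleCheck and the flag name secrets_push_check are hypothetical stand-ins.

```ruby
# Added illustration: simplified stand-ins, not GitLab's classes or Feature API.
module FeatureFlags
  @enabled = {}

  def self.set(name, on)
    @enabled[name] = on
  end

  def self.enabled?(name)
    @enabled.fetch(name, false) # unknown flags default to off
  end
end

# Stand-in for a check that already runs on every push.
class ExistingRuleCheck
  def validate!(ran)
    ran << :existing_rule
  end
end

# The new check: a flag gate in front of an otherwise empty body.
class SecretsCheck
  FLAG = :secrets_push_check # hypothetical flag name

  def validate!(ran)
    return unless FeatureFlags.enabled?(FLAG) # flag off: hot path untouched

    ran << :secrets # placeholder where scanning would later go
  end
end

# Stand-in for the class that runs every push check in one of two modes.
class PushRuleCheck
  CHECKS = [ExistingRuleCheck, SecretsCheck].freeze

  # Returns the sorted names of the checks that actually executed.
  def run(parallel:)
    ran = Queue.new # thread-safe collector shared by both modes
    checks = CHECKS.map(&:new)
    if parallel
      # Thread#value joins and re-raises, so a failing check's error reaches the caller.
      checks.map { |check| Thread.new { check.validate!(ran) } }.each(&:value)
    else
      checks.each { |check| check.validate!(ran) }
    end
    Array.new(ran.size) { ran.pop }.sort
  end
end
```

Registering the check in one shared list keeps the two modes from drifting apart, so the flag gate is exercised identically whichever path a push takes.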
Edited by Ahmed Hemdan