Skip to content

Remove GitLab employees from spamcheck allow list

Ian Anderson requested to merge gitlab-employee-spamcheck into master

What does this MR do and why?

Describe in detail what your merge request does and why.

This MR removes GitLab employees from the spamcheck allow list. This is done because our training data is built from the requests that are sent to the spamcheck service. Due to the recent uptick in spam our training set has become imbalanced and collecting training data from spammables created by GitLab employees will help fill this gap. Additionally, data labeling will be speed up since we can automatically label spammables generated by GitLab employees as "ham."

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Ensure GDK is running with the environment variable GITLAB_SIMULATE_SAAS=true exported in the environment.
  2. As a regular user create the gitlab-com group at the top level
  3. Run the spamcheck service locally
    docker run --rm -p 8001:8001 registry.gitlab.com/gitlab-org/gl-security/security-engineering/security-automation/spam/spamcheck:1.7.1
  4. Enable spamcheck in your local GDK instance by navigating to admin/application_settings/reporting.
    • Enable spamcheck
    • Set the URL of the external Spam Check endpoint to grpc://localhost:8001 image
  5. As the same user who created the gitlab-com group (or a regular user you added to that group) attempt to create an issue in a public project (i.e. gitlab-org/gitlab-test).
  6. You should see logs from the spamcheck service that the issue was checked for spam.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Ian Anderson

Merge request reports

Loading