Fix rules should be strictly the security namespace (!148387) · Merge requests · GitLab.org / GitLab

Lin Jen-Shin requested to merge fix-security-namespace-check into master Apr 02, 2024

What does this MR do and why?

Make sure it's strictly the security namespace

Before this change, it also matches the canonical project gitlab-org/gitlab.

More background

In !148307 (merged) we removed QA_TESTS because it didn't work as expected. QA_TESTS will never match because it's never defined. So rules associated with that never worked before.

After we removed QA_TESTS, then it starts to match with the regular merge requests, which then break the intention that for regular merge requests, we only want to run against specific devops labels. These rules illustrated that:

- <<: *if-dot-com-gitlab-org-and-security-merge-request
  changes: *code-patterns
  allow_failure: true
- <<: *if-merge-request-and-specific-devops-stage
  changes: *code-patterns
  allow_failure: true

The intention should be always matching against the security merge requests.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Edited Apr 03, 2024 by Lin Jen-Shin

Fix rules should be strictly the security namespace

What does this MR do and why?

More background

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports