Update DS CI template to use a single rules:exists glob
What does this MR do and why?
All Dependency Scanning(DS) analyzer jobs ie gemnasium, gemnasium-maven, gemnasium-sbt, are being triggered for users with large projects even if the analyzer is irrelevant to the project. See this comment for full context.
This is because DS uses rules:exists which has a 10k limit check. The 10k checks are counted by the glob path patterns times the number of files in the repo. For projects with many files, the job is triggered if the 10k limit is exceeded.
As each DS job is configured to match multiple glob path patterns
in the rules:exists
array, this reduces the upper limit of project file size before all jobs are triggered:
-
gemnasium
has 10glob path patterns
which meansproject file size upper limit before job runs
is999
-
gemnasium-maven
has 4glob path patterns
which meansproject file size upper limit before job runs
is2499
-
gemnasium-python
has 7glob path patterns
which meansproject file size upper limit before job runs
is1428
This MR as proposed by @bwill in this comment combines the multiple glob path patterns
into a single glob path pattern
which significantly increases the upper limit of project file size before all DS jobs are triggered.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
Validation of template change
- I previously created a maven project
- The pipeline that uses the existing DS ci-template starts both the
gemnasium
andgemnasium-maven
job - I started another pipeline with the DS ci-template from this MR and only the
gemnasium-maven
job is started.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Create a project