Better commit ranges and git prep for Secret Detection Template
What does this MR do and why?
This issue should fix the following issues:
In order to prep the Secret Detection job's git environment, we need to use some Predefined Environment Variables and enable merge request pipelines so that the job has access to Merge Request Environment Variables.
The two important env vars we need are CI_COMMIT_BEFORE_SHA and CI_MERGE_REQUEST_TARGET_BRANCH_NAME.
- CI_COMMIT_BEFORE_SHA is used for push events and gives us the ancestor commit we should use with CI_COMMIT_SHA in the git log ${CI_COMMIT_BEFORE_SHA}..${CI_COMMIT_SHA} command.
- CI_MERGE_REQUEST_TARGET_BRANCH_NAME is used for merge requests, which allows us to determine the range of commits for an MR. Before, we were incorrectly using CI_DEFAULT_REF, which in some cases would give incorrect results depending on the git development process (using main as the default branch and develop as the development branch that all story/feature branches get merged into).
Screenshots or screen recordings
- MR event example: https://gitlab.com/gitlab-org/security-products/tests/secrets/-/jobs/2064659355
- Push event example: https://gitlab.com/gitlab-org/security-products/tests/secrets/-/jobs/2064666313
These are strongly recommended to assist reviewers and reduce the time to merge your change.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Edited by Zach Rice
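
The range selection described in this MR, sketched as an added shell example (not the template's own code). It assumes the target branch is reachable as a remote-tracking ref under a hypothetical REMOTE variable (default origin), and it handles the all-zero CI_COMMIT_BEFORE_SHA that GitLab sets for the first pipeline on a new branch by falling back to everything reachable from CI_COMMIT_SHA, which is this example's choice.

```shell
#!/bin/sh
# Added example: pick the revision argument for `git log` in a secret scan job.
# GitLab reports this value when there is no previous commit on the branch.
ZERO_SHA=0000000000000000000000000000000000000000

# Prints the revision spec on stdout; returns non-zero if the inputs are unusable.
secret_scan_range() {
  # CI_COMMIT_SHA is needed in every case; a leading '-' would be read by git
  # as an option, so reject it.
  case "${CI_COMMIT_SHA:-}" in
    ""|-*) echo "CI_COMMIT_SHA missing or malformed" >&2; return 1 ;;
  esac

  # Merge request pipeline: commits in the MR that are not on the target branch.
  if [ -n "${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:-}" ]; then
    case "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME" in
      -*) echo "refusing target branch starting with '-'" >&2; return 1 ;;
    esac
    # REMOTE is a hypothetical knob for this example, not a GitLab variable.
    printf '%s\n' "${REMOTE:-origin}/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}..${CI_COMMIT_SHA}"
    return 0
  fi

  # Push pipeline with a known previous commit: scan only what the push added.
  if [ -n "${CI_COMMIT_BEFORE_SHA:-}" ] && [ "$CI_COMMIT_BEFORE_SHA" != "$ZERO_SHA" ]; then
    case "$CI_COMMIT_BEFORE_SHA" in
      -*) echo "CI_COMMIT_BEFORE_SHA malformed" >&2; return 1 ;;
    esac
    printf '%s\n' "${CI_COMMIT_BEFORE_SHA}..${CI_COMMIT_SHA}"
    return 0
  fi

  # New branch or no previous commit: no base is known, so scan everything
  # reachable from the current commit rather than skipping commits.
  printf '%s\n' "$CI_COMMIT_SHA"
}

# Usage inside a job (the scanner step itself is out of scope here):
#   range=$(secret_scan_range) && git log --oneline "$range"
```

The fallback trades speed for coverage: a full-history scan on a new branch is slower, but it cannot miss a secret introduced in a commit outside a guessed range.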