Merge branch 'lower-default-clone-depth' into 'master'

Change default shallow clone depth to 20

See merge request gitlab-org/gitlab!77576

app/models/project_ci_cd_setting.rb

@@ -3,7 +3,7 @@
 class ProjectCiCdSetting < ApplicationRecord
   belongs_to :project, inverse_of: :ci_cd_settings
 
-  DEFAULT_GIT_DEPTH = 50
+  DEFAULT_GIT_DEPTH = 20
 
   before_create :set_default_git_depth
 

doc/ci/pipelines/settings.md

@@ -159,7 +159,8 @@ in the `.gitlab-ci.yml` file.
 
 ## Limit the number of changes fetched during clone
 
-> [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/28919) in GitLab 12.0.
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab-foss/-/merge_requests/28919) in GitLab 12.0.
+> - [Changed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/77576) `git depth` value in GitLab 14.7.
 
 You can limit the number of changes that GitLab CI/CD fetches when it clones
 a repository.
@@ -171,8 +172,8 @@ a repository.
    The maximum value is `1000`. To disable shallow clone and make GitLab CI/CD
    fetch all branches and tags each time, keep the value empty or set to `0`.
 
-In GitLab 12.0 and later, newly created projects automatically have a default
-`git depth` value of `50`.
+In GitLab versions 14.7 and later, newly created projects have a default `git depth`
+value of `20`. GitLab versions 14.6 and earlier have a default `git depth` value of `50`.
 
 This value can be overridden by the [`GIT_DEPTH` variable](../large_repositories/index.md#shallow-cloning)
 in the `.gitlab-ci.yml` file.

doc/user/application_security/secret_detection/index.md

@@ -370,10 +370,10 @@ For information on this, see the [general Application Security troubleshooting s
 
 ### Error: `Couldn't run the gitleaks command: exit status 2`
 
-If a pipeline is triggered from a Merge Request containing 60 commits while the `GIT_DEPTH` variable
-is set to 50 (a [project default](../../../ci/pipelines/settings.md#limit-the-number-of-changes-fetched-during-clone)),
-the Secret Detection job fails as the clone is not deep enough to contain all of the
-relevant commits.
+If a pipeline is triggered from a Merge Request containing 60 commits while the `GIT_DEPTH` variable's
+value is less than that, the Secret Detection job fails as the clone is not deep enough to contain all of the
+relevant commits. For information on the current default value, see the
+[pipeline configuration documentation](../../../ci/pipelines/settings.md#limit-the-number-of-changes-fetched-during-clone).
 
 To confirm this as the cause of the error, set the
 [logging level](../../application_security/secret_detection/index.md#logging-level) to `debug`, then

ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb

@@ -148,6 +148,7 @@ RSpec.describe Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor do
                   }
                 },
                 variables: {
+                  GIT_DEPTH: '50',
                   SECURE_ANALYZERS_PREFIX: 'registry.gitlab.com/gitlab-org/security-products/analyzers',
                   SECRETS_ANALYZER_VERSION: '3',
                   SECRET_DETECTION_EXCLUDED_PATHS: '',

ee/spec/services/security/security_orchestration_policies/ci_configuration_service_spec.rb

@@ -39,6 +39,7 @@ RSpec.describe Security::SecurityOrchestrationPolicies::CiConfigurationService d
               }
             },
             variables: {
+              GIT_DEPTH: '50',
               SECURE_ANALYZERS_PREFIX: 'registry.gitlab.com/gitlab-org/security-products/analyzers',
               SECRETS_ANALYZER_VERSION: '3',
               SECRET_DETECTION_EXCLUDED_PATHS: '',

lib/gitlab/ci/templates/Jobs/Secret-Detection.gitlab-ci.yml

@@ -14,6 +14,8 @@ variables:
   image: "$SECURE_ANALYZERS_PREFIX/secrets:$SECRETS_ANALYZER_VERSION"
   services: []
   allow_failure: true
+  variables:
+    GIT_DEPTH: "50"
   # `rules` must be overridden explicitly by each child job
   # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
   artifacts: