Merge branch 'ci-lint-warnings' into 'master'

Update ci templates and config to clear yamllint warnings See merge request gitlab-org/gitlab!37034

Merge branch 'ci-lint-warnings' into 'master'
Update ci templates and config to clear yamllint warnings See merge request gitlab-org/gitlab!37034
a43489c1 · Lin Jen-Shin · a5a15849 · 04767a06 · a43489c1 · a43489c1
Commit a43489c1 authored Jul 17, 2020 by Lin Jen-Shin
4 changed files
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@@ -150,35 +150,35 @@ dependency_scanning:
 ## We need to duplicate this job's definition because it seems it's impossible to
 ## override an included `only.refs`.
 ## See https://gitlab.com/gitlab-org/gitlab/issues/31371.
-#dast:
-#  extends:
-#    - .default-retry
-#    - .reports:rules:dast
-#  # This is needed so that manual jobs with needs don't block the pipeline.
-#  # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979.
-#  dependencies: ["review-deploy"]
-#  stage: qa  # GitLab-specific
-#  image:
-#    name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION"
-#  variables:
-#    # To be done in a later iteration
-#    # DAST_USERNAME: "root"
-#    # DAST_USERNAME_FIELD: "user[login]"
-#    # DAST_PASSWORD_FIELD: "user[passowrd]"
-#    DAST_VERSION: 1
-#  script:
-#    - 'export DAST_WEBSITE="${DAST_WEBSITE:-$(cat environment_url.txt)}"'
-#    # To be done in a later iteration
-#    # - 'export DAST_AUTH_URL="${DAST_WEBSITE}/users/sign_in"'
-#    # - 'export DAST_PASSWORD="${REVIEW_APPS_ROOT_PASSWORD}"'
-#    - /analyze -t $DAST_WEBSITE
-#  timeout: 4h
-#  artifacts:
-#    paths:
-#      - gl-dast-report.json  # GitLab-specific
-#    reports:
-#      dast: gl-dast-report.json
-#    expire_in: 1 week  # GitLab-specific
+# dast:
+#   extends:
+#     - .default-retry
+#     - .reports:rules:dast
+#   # This is needed so that manual jobs with needs don't block the pipeline.
+#   # See https://gitlab.com/gitlab-org/gitlab/-/issues/199979.
+#   dependencies: ["review-deploy"]
+#   stage: qa  # GitLab-specific
+#   image:
+#     name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION"
+#   variables:
+#     # To be done in a later iteration
+#     # DAST_USERNAME: "root"
+#     # DAST_USERNAME_FIELD: "user[login]"
+#     # DAST_PASSWORD_FIELD: "user[passowrd]"
+#     DAST_VERSION: 1
+#   script:
+#     - 'export DAST_WEBSITE="${DAST_WEBSITE:-$(cat environment_url.txt)}"'
+#     # To be done in a later iteration
+#     # - 'export DAST_AUTH_URL="${DAST_WEBSITE}/users/sign_in"'
+#     # - 'export DAST_PASSWORD="${REVIEW_APPS_ROOT_PASSWORD}"'
+#     - /analyze -t $DAST_WEBSITE
+#   timeout: 4h
+#   artifacts:
+#     paths:
+#       - gl-dast-report.json  # GitLab-specific
+#     reports:
+#       dast: gl-dast-report.json
+#     expire_in: 1 week  # GitLab-specific

 # To be done in a later iteration: https://gitlab.com/gitlab-org/gitlab/issues/31160#note_278188255
 # schedule:dast:

--- a/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
@@ -162,4 +162,4 @@ include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/License-Scanning.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/License-Scanning.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml
-  - template: Security/Secret-Detection.gitlab-ci.yml # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
+  - template: Security/Secret-Detection.gitlab-ci.yml  # https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Security/Secret-Detection.gitlab-ci.yml
--- a/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml
@@ -23,7 +23,7 @@ dast_environment_deploy:
      when: never
    - if: $DAST_DISABLED || $DAST_DISABLED_FOR_DEFAULT_BRANCH
      when: never
-    - if: $DAST_WEBSITE # we don't need to create a review app if a URL is already given
+    - if: $DAST_WEBSITE  # we don't need to create a review app if a URL is already given
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $CI_KUBERNETES_ACTIVE &&
@@ -46,7 +46,7 @@ stop_dast_environment:
      when: never
    - if: $DAST_DISABLED || $DAST_DISABLED_FOR_DEFAULT_BRANCH
      when: never
-    - if: $DAST_WEBSITE # we don't need to create a review app if a URL is already given
+    - if: $DAST_WEBSITE  # we don't need to create a review app if a URL is already given
      when: never
    - if: $CI_COMMIT_BRANCH &&
          $CI_KUBERNETES_ACTIVE &&

--- a/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml
@@ -144,8 +144,8 @@ gemnasium-python-dependency_scanning:
        - '{Pipfile,*/Pipfile,*/*/Pipfile}'
        - '{requires.txt,*/requires.txt,*/*/requires.txt}'
        - '{setup.py,*/setup.py,*/*/setup.py}'
-      # Support passing of $PIP_REQUIREMENTS_FILE
-      # See https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuring-specific-analyzers-used-by-dependency-scanning
+        # Support passing of $PIP_REQUIREMENTS_FILE
+        # See https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#configuring-specific-analyzers-used-by-dependency-scanning
    - if: $CI_COMMIT_BRANCH &&
          $GITLAB_FEATURES =~ /\bdependency_scanning\b/ &&
          $DS_DEFAULT_ANALYZERS =~ /gemnasium-python/ &&