Merge branch 'run-package-hunter-for-mrs' into 'master'

ci: Run package_hunter on MRs that updates yarn.lock

See merge request gitlab-org/gitlab!58780

.gitlab/ci/dast.gitlab-ci.yml

@@ -3,7 +3,7 @@
     - prm
   # For scheduling dast job
   extends:
-    - .reports:schedule-dast
+    - .reports:rules:schedule-dast
   image:
     name: "registry.gitlab.com/gitlab-org/security-products/dast:$DAST_VERSION"
   resource_group: dast_scan

.gitlab/ci/reports.gitlab-ci.yml

@@ -143,12 +143,13 @@ dependency_scanning gemnasium-python:
 # See https://gitlab.com/gitlab-com/gl-security/security-research/package-hunter
 package_hunter:
   extends:
-    - .reports:schedule-dast
+    - .reports:rules:package_hunter
   stage: test
   image:
     name: registry.gitlab.com/gitlab-com/gl-security/security-research/package-hunter-cli:latest
     entrypoint: [""]
   needs: []
+  allow_failure: true
   script:
     - rm -r spec locale .git app/assets/images doc/
     - cd .. && tar -I "gzip --best" -cf gitlab.tgz gitlab/

.gitlab/ci/rules.gitlab-ci.yml

@@ -996,13 +996,19 @@
       when: manual
       allow_failure: true
 
-.reports:schedule-dast:
+.reports:rules:schedule-dast:
   rules:
     - if: '$DAST_DISABLED || $GITLAB_FEATURES !~ /\bdast\b/'
       when: never
     - <<: *if-default-branch-schedule-nightly
       allow_failure: true
 
+.reports:rules:package_hunter:
+  rules:
+    - <<: *if-default-branch-schedule-2-hourly
+    - <<: *if-merge-request
+      changes: ["yarn.lock"]
+
 .reports:rules:license_scanning:
   rules:
     - if: '$LICENSE_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/'