Ensure the dast job does not run on master

Signed-off-by: Rémy Coutable <remy@rymai.me>
2019-08-21 11:34:42 +02:00 · 2019-08-21 11:34:42 +02:00 · c10aeb1217
parent 9174d60ba1
commit c10aeb1217
3 changed files with 22 additions and 18 deletions
--- a/.gitlab/ci/global.gitlab-ci.yml
+++ b/.gitlab/ci/global.gitlab-ci.yml
@ -76,3 +76,15 @@
    - apk add --update openssl
    - wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/$SCRIPT_NAME
    - chmod 755 $(basename $SCRIPT_NAME)
+
+.review-only: &review-only
+  only:
+    refs:
+      - branches@gitlab-org/gitlab-ce
+      - branches@gitlab-org/gitlab-ee
+    kubernetes: active
+  except:
+    refs:
+      - master
+      - /^\d+-\d+-auto-deploy-\d+$/
+      - /(^docs[\/-].+|.+-docs$)/
--- a/.gitlab/ci/reports.gitlab-ci.yml
+++ b/.gitlab/ci/reports.gitlab-ci.yml
@ -27,7 +27,9 @@ dependency_scanning:
  cache: {}

 dast:
-  extends: .dedicated-no-docs
+  extends:
+    - .dedicated-runner
+    - .review-only
  stage: qa
  dependencies:
    - review-deploy
--- a/.gitlab/ci/review.gitlab-ci.yml
+++ b/.gitlab/ci/review.gitlab-ci.yml
@ -1,15 +1,3 @@
-.review-only: &review-only
-  only:
-    refs:
-      - branches@gitlab-org/gitlab-ce
-      - branches@gitlab-org/gitlab-ee
-    kubernetes: active
-  except:
-    refs:
-      - master
-      - /^\d+-\d+-auto-deploy-\d+$/
-      - /(^docs[\/-].+|.+-docs$)/
-
 .review-schedules-only: &review-schedules-only
  only:
    refs:
@ -24,8 +12,9 @@
      - /(^docs[\/-].+|.+-docs$)/

 .review-base: &review-base
-  extends: .dedicated-runner
-  <<: *review-only
+  extends:
+    - .dedicated-runner
+    - .review-only
  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
  cache: {}
  dependencies: []
@ -68,7 +57,7 @@ build-qa-image:
    - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng

 review-build-cng:
-  <<: *review-only
+  extends: .review-only
  <<: *review-build-cng-base

 schedule:review-build-cng:
@ -117,8 +106,9 @@ schedule:review-deploy:
  <<: *review-schedules-only

 review-stop:
-  <<: *review-only
-  extends: .single-script-job-dedicated-runner
+  extends:
+    - .single-script-job-dedicated-runner
+    - .review-only
  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
  stage: review
  when: manual