5 files changed, 27 insertions, 10 deletions
diff --git a/app/services/git/branch_hooks_service.rb b/app/services/git/branch_hooks_service.rb index d21a6bb1b9a..4aee48f22e7 100644 --- a/app/services/git/branch_hooks_service.rb +++ b/app/services/git/branch_hooks_service.rb @@ -20,8 +20,7 @@ module Git strong_memoize(:commits) do if creating_default_branch? # The most recent PROCESS_COMMIT_LIMIT commits in the default branch - offset = [count_commits_in_branch - PROCESS_COMMIT_LIMIT, 0].max - project.repository.commits(params[:newrev], offset: offset, limit: PROCESS_COMMIT_LIMIT) + project.repository.commits(params[:newrev], limit: PROCESS_COMMIT_LIMIT) elsif creating_branch? # Use the pushed commits that aren't reachable by the default branch # as a heuristic. This may include more commits than are actually @@ -84,9 +83,6 @@ module Git # Schedules processing of commit messages def enqueue_process_commit_messages - # don't process commits for the initial push to the default branch - return if creating_default_branch? - limited_commits.each do |commit| next unless commit.matches_cross_reference_regex? diff --git a/changelogs/unreleased/10842-add-missing-environments-variable-to-the-sast-analyzer-docker-container.yml b/changelogs/unreleased/10842-add-missing-environments-variable-to-the-sast-analyzer-docker-container.yml new file mode 100644 index 00000000000..112b472aa3b --- /dev/null +++ b/changelogs/unreleased/10842-add-missing-environments-variable-to-the-sast-analyzer-docker-container.yml @@ -0,0 +1,5 @@ +--- +title: 'Fix: propagate all documented ENV vars to CI when using SAST' +merge_request: 29564 +author: +type: fixed diff --git a/changelogs/unreleased/patch-issue--56683.yml b/changelogs/unreleased/patch-issue--56683.yml new file mode 100644 index 00000000000..9b82c6c1459 --- /dev/null +++ b/changelogs/unreleased/patch-issue--56683.yml 
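Review bot: In `enqueue_process_commit_messages` (second hunk of branch_hooks_service.rb), removing the early return leaves nothing in the method that says what bounds the work on an initial push to the default branch, where every commit message is supplied by the pusher. The bound now appears to come only from `limited_commits`, presumably derived from the list the first hunk caps with `limit: PROCESS_COMMIT_LIMIT`. I would replace the deleted comment with `# Initial pushes to the default branch are processed too; limited_commits caps the fan-out at PROCESS_COMMIT_LIMIT`. The loop body continues outside the hunk, so what each enqueued job checks before acting on a cross-reference is not visible here.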
@@ -0,0 +1,6 @@ +--- +title: Process up to 100 commit messages for references when pushing to a new default + branch +merge_request: 29511 +author: Fabio Papa +type: fixed diff --git a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml index abf16e5b2e7..8713b833011 100644 --- a/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml +++ b/lib/gitlab/ci/templates/Security/SAST.gitlab-ci.yml @@ -31,19 +31,29 @@ sast: - | docker run \ $(propagate_env_vars \ + SAST_BANDIT_EXCLUDED_PATHS \ SAST_ANALYZER_IMAGES \ SAST_ANALYZER_IMAGE_PREFIX \ SAST_ANALYZER_IMAGE_TAG \ SAST_DEFAULT_ANALYZERS \ - SAST_EXCLUDED_PATHS \ - SAST_BANDIT_EXCLUDED_PATHS \ + SAST_PULL_ANALYZER_IMAGES \ SAST_BRAKEMAN_LEVEL \ - SAST_GOSEC_LEVEL \ SAST_FLAWFINDER_LEVEL \ SAST_GITLEAKS_ENTROPY_LEVEL \ + SAST_GOSEC_LEVEL \ + SAST_EXCLUDED_PATHS \ SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \ SAST_PULL_ANALYZER_IMAGE_TIMEOUT \ SAST_RUN_ANALYZER_TIMEOUT \ + ANT_HOME \ + ANT_PATH \ + GRADLE_PATH \ + JAVA_OPTS \ + JAVA_PATH \ + MAVEN_CLI_OPTS \ + MAVEN_PATH \ + MAVEN_REPO_PATH \ + SBT_PATH \ ) \ --volume "$PWD:/code" \ --volume /var/run/docker.sock:/var/run/docker.sock \ diff --git a/spec/services/git/branch_hooks_service_spec.rb b/spec/services/git/branch_hooks_service_spec.rb index 22faa996015..b5694628269 100644 --- a/spec/services/git/branch_hooks_service_spec.rb +++ b/spec/services/git/branch_hooks_service_spec.rb @@ -287,8 +287,8 @@ describe Git::BranchHooksService do context 'creating the default branch' do let(:oldrev) { Gitlab::Git::BLANK_SHA } - it 'does not process commit messages' do - expect(ProcessCommitWorker).not_to receive(:perform_async) + it 'processes a limited number of commit messages' do + expect(ProcessCommitWorker).to receive(:perform_async).once service.execute end |
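Review bot: The names added to the `propagate_env_vars` list include `JAVA_OPTS` and `MAVEN_CLI_OPTS`, whose values usually contain spaces, and the list is expanded through an unquoted `$(...)` inside `docker run`. `propagate_env_vars` is defined outside this hunk; if it prints `--env NAME=value` rather than only `--env NAME`, those values would be word-split into extra `docker run` arguments in a job that also mounts `/var/run/docker.sock`. It is worth confirming the helper emits names only and recording that above the `docker run` line, e.g. `# propagate_env_vars emits names only; docker reads the values from the job environment`. The hunk also moves existing entries (`SAST_BANDIT_EXCLUDED_PATHS`, `SAST_GOSEC_LEVEL`, `SAST_EXCLUDED_PATHS`) with no apparent functional effect, which makes the real additions harder to pick out.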
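Review bot: The renamed example 'processes a limited number of commit messages' asserts only `receive(:perform_async).once`, so it passes on whatever the fixture push happens to contain and never exercises the limit itself. It would be stronger to lower the limit with `stub_const` to a value below the number of matching commits in the fixture and expect exactly that many calls, e.g. `expect(ProcessCommitWorker).to receive(:perform_async).exactly(limit).times`. The surrounding `describe` block starts and ends outside the hunk, so the fixture's commit count is not visible here.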