GitGuardian / ggshield

Find and fix 400+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
https://gitguardian.com
MIT License
1.62k stars, 143 forks

Fix Gitlab commit range selection for merged results pipelines #803

Closed Paul-GitGuardian closed 9 months ago

Paul-GitGuardian commented 9 months ago

Gitlab provides "merged results pipelines" to run in merge requests, as an alternate behavior to the base MR pipelines. However, env variables take unexpected values in these pipelines. Particularly, CI_COMMIT_BEFORE_SHA has a non-empty SHA, equal to the last commit pushed. This results in empty commit ranges, meaning CI scans will not detect vulnerabilities in the MR commits.

CI_MERGE_REQUEST_TARGET_BRANCH_NAME is used here, as it is known to be working in merged results requests.
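The base-selection logic the description above argues for, as an added example written here in Python; it is not ggshield's own code, and the function name `gitlab_scan_range`, the fallback rules, and the constructed environments are assumptions.

```python
from typing import Mapping, Optional

# GitLab sets CI_COMMIT_BEFORE_SHA to the all-zero SHA on the first push of a branch.
NULL_SHA = "0" * 40


def gitlab_scan_range(env: Mapping[str, str]) -> Optional[str]:
    """Return the 'base..head' revision range a CI secret scan should cover.

    Prefers the merge request target branch over CI_COMMIT_BEFORE_SHA: in merged
    results pipelines CI_COMMIT_BEFORE_SHA points at the last pushed commit, so
    'before..head' is empty and the MR commits would never be scanned.
    Returns None when no head commit is available at all.
    """
    head = env.get("CI_COMMIT_SHA", "")
    if not head:
        return None

    target = env.get("CI_MERGE_REQUEST_TARGET_BRANCH_NAME", "")
    if target:
        # Any MR pipeline (detached or merged results): diff against the target branch.
        return f"origin/{target}..{head}"

    before = env.get("CI_COMMIT_BEFORE_SHA", "")
    if before and before != NULL_SHA and before != head:
        # Plain branch push with a usable previous commit.
        return f"{before}..{head}"

    # First push of a branch, or a degenerate before == head: scan the head commit only
    # (assumed fallback; the real tool may choose a wider range).
    return f"{head}~1..{head}"


if __name__ == "__main__":
    # Constructed environments mimicking the three pipeline shapes discussed above.
    merged_results = {
        "CI_COMMIT_SHA": "a" * 40,
        "CI_COMMIT_BEFORE_SHA": "a" * 40,  # equal to head: the empty-range bug
        "CI_MERGE_REQUEST_TARGET_BRANCH_NAME": "main",
    }
    branch_push = {"CI_COMMIT_SHA": "a" * 40, "CI_COMMIT_BEFORE_SHA": "b" * 40}
    first_push = {"CI_COMMIT_SHA": "a" * 40, "CI_COMMIT_BEFORE_SHA": NULL_SHA}
    for name, e in [("merged results", merged_results), ("push", branch_push), ("first push", first_push)]:
        print(f"{name:15} -> {gitlab_scan_range(e)}")
```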

GG-HH commented 9 months ago

Could you add a test, please?

codecov-commenter commented 9 months ago

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (2e72fa5) 92.01% compared to head (026e73f) 91.92%. Report is 9 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| ggshield/core/git_hooks/ci/previous_commit.py | 0.00% | 2 Missing :warning: |


Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main     #803      +/-   ##
==========================================
- Coverage   92.01%   91.92%   -0.10%
==========================================
  Files         157      158       +1
  Lines        6586     6622      +36
==========================================
+ Hits         6060     6087      +27
- Misses        526      535       +9
```

| [Flag](https://app.codecov.io/gh/GitGuardian/ggshield/pull/803/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=GitGuardian) | Coverage Δ | |
|---|---|---|
| [unittests](https://app.codecov.io/gh/GitGuardian/ggshield/pull/803/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=GitGuardian) | `91.92% <0.00%> (-0.10%)` | :arrow_down: |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=GitGuardian#carryforward-flags-in-the-pull-request-comment) to find out more.
