[#3605] Do not run sast on scheduler

author: Andrei Pavel <andrei@isc.org> 2024-10-25 07:30:56 +0200
committer: Andrei Pavel <andrei@isc.org> 2024-10-25 07:30:56 +0200
commit: a7496bb68e140030d99d22d05a5ef773f4f10966 (patch)
tree: aefb0e2c37dd9fd4a560422e1294c531c5d29037
parent: [#3605] fixed fuzz on BSD-like systems (diff)
download: kea-a7496bb68e140030d99d22d05a5ef773f4f10966.tar.xz
kea-a7496bb68e140030d99d22d05a5ef773f4f10966.zip
1 files changed, 13 insertions, 10 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 052db51a29..bbe50d1504 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -295,15 +295,9 @@ include:
 .sast-analyzer:
   extends: sast
   stage: test
-  <<: *rules_for_test_stage
   allow_failure: true
   script:
     - /analyzer run
-  rules:
-    - if: $SAST_DISABLED
-      when: never
-    - if: $CI_PIPELINE_SOURCE == 'schedule'
-      when: never
 
 flawfinder-sast:
   extends: .sast-analyzer
@@ -313,12 +307,21 @@ flawfinder-sast:
     SAST_ANALYZER_IMAGE_TAG: latest
     SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/flawfinder:$SAST_ANALYZER_IMAGE_TAG"
   rules:
+    - if: $SAST_DISABLED
+      when: never
+    - if: $CI_PIPELINE_SOURCE == 'schedule'
+      when: never
     - if: $SAST_EXCLUDED_ANALYZERS =~ /flawfinder/
       when: never
-    - if: $CI_COMMIT_BRANCH
-      exists:
-        - '**/*.cc'
-        - '**/*.h'
+    - when: always
 
 semgrep-sast:
   extends: .sast-analyzer
+  rules:
+    - if: $SAST_DISABLED
+      when: never
+    - if: $CI_PIPELINE_SOURCE == 'schedule'
+      when: never
+    - if: $SAST_EXCLUDED_ANALYZERS =~ /semgrep/
+      when: never
+    - when: always
author	Andrei Pavel <andrei@isc.org>	2024-10-25 07:30:56 +0200
committer	Andrei Pavel <andrei@isc.org>	2024-10-25 07:30:56 +0200
commit	a7496bb68e140030d99d22d05a5ef773f4f10966 (patch)
tree	aefb0e2c37dd9fd4a560422e1294c531c5d29037
parent	[#3605] fixed fuzz on BSD-like systems (diff)
download	kea-a7496bb68e140030d99d22d05a5ef773f4f10966.tar.xz kea-a7496bb68e140030d99d22d05a5ef773f4f10966.zip