fix: Reintroduce top-level SAST_ANALYZER_IMAGE_TAG for SCS

Previous MR that added deprecation shim for Security Code Scan v2 to v3 moved the default variable definition into the `rules:variables` block. This is not always present when customers have overridden the entire `rules` block leading to failures to pull images Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/350935 Changelog: fixed

fix: Reintroduce top-level SAST_ANALYZER_IMAGE_TAG for SCS
Previous MR that added deprecation shim for Security Code Scan v2 to v3 moved the default variable definition into the `rules:variables` block. This is not always present when customers have overridden the entire `rules` block leading to failures to pull images Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/350935 Changelog: fixed
d45a7685 · Lucas Charles · 68e91614 · d45a7685
Commit d45a7685 authored Feb 09, 2022 by Lucas Charles
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 2 deletions

lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml +1 -2

No files found.
--- a/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
+++ b/lib/gitlab/ci/templates/Jobs/SAST.gitlab-ci.yml
@@ -221,6 +221,7 @@ security-code-scan-sast:
  image:
    name: "$SAST_ANALYZER_IMAGE"
  variables:
+    SAST_ANALYZER_IMAGE_TAG: '2'
    SAST_ANALYZER_IMAGE: "$SECURE_ANALYZERS_PREFIX/security-code-scan:$SAST_ANALYZER_IMAGE_TAG"
  rules:
    - if: $SAST_DISABLED
@@ -230,8 +231,6 @@ security-code-scan-sast:
    # This rule shim will be removed in %15.0,
    # See https://gitlab.com/gitlab-org/gitlab/-/issues/350935
    - if: $CI_COMMIT_BRANCH && $CI_SERVER_VERSION_MAJOR == '14'
-      variables:
-        SAST_ANALYZER_IMAGE_TAG: '2'
      exists:
        - '**/*.csproj'
        - '**/*.vbproj'