gitlab-secret_detection 0.20.7 → 0.20.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 895cf01abc75fc3d50530e201bafbfa1cefbd01471096ae7157c0f6d9e107a56
4
- data.tar.gz: 5325e320aaec750875a9237de822c69a6b2948da19a06435596e3cda0305ba53
3
+ metadata.gz: b6825b32d5bcbbf4e249fea71941553d80ee4fbd6353c98ec539c0450d26c880
4
+ data.tar.gz: 3882b690256d74491871592340b7a70e296170834d61687f4892ca2a581bbb54
5
5
  SHA512:
6
- metadata.gz: 031f9c7dd9fcf41ad7bda505cd1006c27146e606622c1066305914f20ed71b81815cb723f5055b4e048c9a2dd226690aaae6fdea3532c13b7150a2f069bb61a3
7
- data.tar.gz: 10af4779c8efbdae7804759951b5a8eadf2503ff569ab8504867fe8c2619fccf83b12af81cd3eb6145bb9c26cf6594ce6268f0c9251ecb83356b182d62061590
6
+ metadata.gz: 025a923fbf1887acbb95ad67f4ce99ab20ed65d689d02aedd73cc70d8d558b974c159673e53e4db724cc6efe21c536a811a2c5b1c86eb9d9bf53cf9fc4382318
7
+ data.tar.gz: a46e7e0194fa0e7336fe54c67f3c2da9294aaf3ae5e00a31fa9561d97191e63e806b2514853736cd8fc9a81eefc782a4c6e04837e063e716a0838b1e0d11c677
data/README.md CHANGED
@@ -336,15 +336,22 @@ Run `ruby examples/sample-client/sample_client.rb` on your terminal to run the s
336
336
 
337
337
  RPC service is benchmarked using [`ghz`](https://ghz.sh), a powerful CLI-based tool for load testing and benchmarking gRPC services. More details added [here](https://gitlab.com/gitlab-org/gitlab/-/work_items/468107).
338
338
 
339
- ## Project Status
339
+ ## Release Process
340
340
 
341
- Secret Detection service's status can be tracked here: https://gitlab.com/gitlab-org/gitlab/-/issues/467531
341
+ We do three primary actions for every merge to `main` branch:
342
342
 
343
- #### Changes made in the secret detection logic that were previously not present in the Gem
343
+ - **Build and Publish SD ruby gem to RubyGems.org**:
344
+ - The latest version for releasing Secret Detection gem is pulled from `Gitlab::SecretDetection::Gem::VERSION` (located at`lib/gitlab/secret_detection/version.rb`).
345
+ - We build a ruby gem for the code snapshot and tag it to the extract release version.
346
+ - The script for publising the gem to RubyGems.org is available [here](ci/scripts/publish_ruby_gem.sh).
344
347
 
345
- - [Gitlab::SecretDetection::Core::Scanner#initialize(...)](lib/gitlab/secret_detection/core/scanner.rb): To reuse the logic of ruleset parsing from a file source, we parse the ruleset file at once and pass the parsed rules around. So,
346
- the `initialize()` method now accepts parsed rules instead of ruleset file path
347
- - [Gitlab::SecretDetection::Core::Status](lib/gitlab/secret_detection/core/status.rb): `NOT_FOUND` status moved from `0` to `7` since
348
- gRPC reserves `0` for enums. We need to reflect this change on the Rails side too
349
- - [Gitlab::SecretDetection::Core::Scanner#scan(...)](lib/gitlab/secret_detection/core/scanner.rb): Introduced `rule_exclusions`, `raw_value_exclusions` and `tags` args to `scan(..)`
350
- method to suport [exclusions](https://gitlab.com/groups/gitlab-org/-/epics/14315) feature.
348
+ - **Deploy SD gRPC server to GCP using Runway**:
349
+ - We build a docker container for the current code snapshot and tag it under `$CI_REGISTRY_IMAGE/image:$CI_COMMIT_SHORT_SHA` container registry path.
350
+ - The same container registry path is given as input to the Runway CI downstream which takes it forward for deploying in Staging and Production environments.
351
+
352
+ - **Make a GitLab Release**:
353
+ - We use a modified version of [`upsert git tag`](https://gitlab.com/gitlab-org/security-products/ci-templates/-/blob/master/includes-dev/upsert-git-tag.ym) job where instead of fetching the version from the first changelog entry, we fetch it from `Gitlab::SecretDetection::Gem::VERSION`. The rest of the behaviour is retained i.e., creating a tag from the version and then creating a new GitLab release against that tag.
354
+ - The job pulls the description of the latest version entry from the [`CHANGELOG.md`](CHANGELOG.md) and uses it for the Release description.
355
+ - The script for creating a git tag and making GitLab release is available [here](ci/scripts/make_gitlab_release.sh).
356
+
357
+ *NOTE: There is no logical requirement for the versions defined in `Gitlab::SecretDetection::Gem::VERSION` and latest entry of `CHANGELOG.md` to be the same. However, we expect them to be the same to keep it consistent. We've added a CI job([`validate version sync`](ci/templates/validate.yml)) that ensures the version sync between them.*
@@ -3,12 +3,9 @@
3
3
  module Gitlab
4
4
  module SecretDetection
5
5
  class Gem
6
- # TODO: This is a temporary fix to avoid runtime issues
7
- # More details are available here:
8
- # https://gitlab.com/gitlab-org/gitlab/-/issues/514015
9
- #
10
6
  # Ensure to maintain the same version in CHANGELOG file.
11
- VERSION = "0.20.7"
7
+ # More details available under 'Release Process' section in the README.md file.
8
+ VERSION = "0.20.8"
12
9
 
13
10
  # SD_ENV env var is used to determine which environment the
14
11
  # server is running. This var is defined in `.runway/env-<env>.yml` files.
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gitlab-secret_detection
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.20.7
4
+ version: 0.20.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - group::secret detection
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2025-03-13 00:00:00.000000000 Z
13
+ date: 2025-03-14 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: grpc