I want to set the expire_in of the SAST artefact through a variable. The reason is, that the duration should differ in each environment.
For example, in dev -> 30 days. in stage -> never
variables:
SAST_EXPIRE_IN: "30 days"
sast:
stage: pre-build-tests
artifacts:
expire_in: $SAST_EXPIRE_IN
paths:
- gl-sast-report.json
reports:
sast: gl-sast-report.json
I'm getting the below error when the code is committed.
jobs:sast:artifacts expire in should be a duration
How can I fix this?
Even though it does not seem to be possible to use variables for expire_in (see open gitlab issue) you could work around it by using two different jobs:
sast_stage:
stage: pre-build-tests
artifacts:
expire_in: never
paths:
- gl-sast-report.json
reports:
sast: gl-sast-report.json
rule:
- if: '<Rule that only applies for stage>'
sast_dev:
stage: pre-build-tests
artifacts:
expire_in: 30 days
paths:
- gl-sast-report.json
reports:
sast: gl-sast-report.json
rule:
- if: '<Rule that only applies for dev>'
By setting the rules you are able to execute the right job at the right time.