From 38164ad9f18ba53f5be15ae21eb513b640555fb2 Mon Sep 17 00:00:00 2001
From: Fabio Pitino <fpitino@gitlab.com>
Date: Wed, 3 May 2023 10:34:32 +0100
Subject: [PATCH] Replace var image suffix with input

---
 README.md    | 1 +
 template.yml | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index ef3937b..3bfb335 100644
--- a/README.md
+++ b/README.md
@@ -23,3 +23,4 @@ where `<VERSION>` is the latest released tag or `main`.
 | ----- | ------------- | ----------- |
 | `stage` | `test`      | The stage where you want the job to be added |
 | `image_prefix` | `$CI_TEMPLATE_REGISTRY_HOST/security-products` | Define where all Docker image are pulled from |
+| `image_suffix` | `""` | Used by `semgrep-sast` job only |
diff --git a/template.yml b/template.yml
index db353db..8d22202 100644
--- a/template.yml
+++ b/template.yml
@@ -4,6 +4,8 @@ spec:
       default: test
     image_prefix:
       default: "$CI_TEMPLATE_REGISTRY_HOST/security-products" 
+    image_suffix:
+      default: ""
     
 ---
 .sast-analyzer:
@@ -13,7 +15,6 @@ spec:
   # see https://gitlab.com/gitlab-org/gitlab/-/issues/218444
   variables:
     SEARCH_MAX_DEPTH: 4
-    SAST_IMAGE_SUFFIX: ""
     SAST_EXCLUDED_ANALYZERS: ""
     SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"
     SCAN_KUBERNETES_MANIFESTS: "false"
@@ -182,7 +183,7 @@ semgrep-sast:
   variables:
     SEARCH_MAX_DEPTH: 20
     SAST_ANALYZER_IMAGE_TAG: 3
-    SAST_ANALYZER_IMAGE: "$[[ inputs.image_prefix ]]/semgrep:$SAST_ANALYZER_IMAGE_TAG$SAST_IMAGE_SUFFIX"
+    SAST_ANALYZER_IMAGE: "$[[ inputs.image_prefix ]]/semgrep:$SAST_ANALYZER_IMAGE_TAG$[[ inputs.image_suffix ]]"
   rules:
     - if: $SAST_DISABLED
       when: never