Commit 0bc59499 authored by Stan Hu's avatar Stan Hu

Merge branch 'upgrade-dast-template' into 'master'

Remove stages definitions from the DAST CI template

See merge request gitlab-org/gitlab!63822
parents 6d0519eb a3158aa5
......@@ -23,13 +23,15 @@ RSpec.describe "CI YML Templates" do
end
context 'that support autodevops' do
non_autodevops_templates = [
'Security/DAST-API.gitlab-ci.yml',
'Security/API-Fuzzing.gitlab-ci.yml'
exceptions = [
'Security/DAST.gitlab-ci.yml', # DAST stage is defined inside AutoDevops yml
'Security/DAST-API.gitlab-ci.yml', # no auto-devops
'Security/API-Fuzzing.gitlab-ci.yml', # no auto-devops
'Terraform.gitlab-ci.yml'
]
where(:template_name) do
all_templates - non_autodevops_templates - ["Terraform.gitlab-ci.yml"]
all_templates - exceptions
end
with_them do
......
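Review bot: The local `exceptions` is a vague name for this list and, in a spec file, reads like Ruby exception classes; a name such as `templates_outside_autodevops` would say what the list is for. `'Terraform.gitlab-ci.yml'` is the only entry without a reason comment, so add one as for the other three. Listing `'Security/DAST.gitlab-ci.yml'` here means this generic check no longer exercises the DAST template, so its validity presumably rests on the dedicated DAST spec alone. The `with_them` body is outside the hunk, so what the check asserts is not visible here. The same list is introduced in the other 'CI YML Templates' spec later in this commit, and the naming point applies there too.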
......@@ -13,127 +13,152 @@ RSpec.describe 'DAST.gitlab-ci.yml' do
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) }
let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) }
let(:ci_pipeline_yaml) { "stages: [\"dast\"]\n" }
before do
stub_ci_pipeline_yaml_file(template.content)
allow_next_instance_of(Ci::BuildScheduleWorker) do |worker|
allow(worker).to receive(:perform).and_return(true)
specify { expect(template).not_to be_nil }
context 'when ci yaml is just template' do
before do
stub_ci_pipeline_yaml_file(template.content)
allow_next_instance_of(Ci::BuildScheduleWorker) do |worker|
allow(worker).to receive(:perform).and_return(true)
end
allow(project).to receive(:default_branch).and_return(default_branch)
end
allow(project).to receive(:default_branch).and_return(default_branch)
end
context 'when project has no license' do
it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
context 'when project has no license' do
it 'includes no jobs' do
expect(build_names).to be_empty
end
end
end
context 'when project has Ultimate license' do
let(:license) { build(:license, plan: License::ULTIMATE_PLAN) }
let(:cluster) { create(:cluster, :project, :provided_by_gcp, projects: [project]) }
context 'when stages includes dast' do
before do
allow(License).to receive(:current).and_return(license)
end
stub_ci_pipeline_yaml_file(ci_pipeline_yaml + template.content)
context 'by default' do
before do
allow(cluster).to receive(:active?).and_return(true)
allow_next_instance_of(Ci::BuildScheduleWorker) do |worker|
allow(worker).to receive(:perform).and_return(true)
end
it 'includes job' do
expect(build_names).to match_array(%w[dast])
allow(project).to receive(:default_branch).and_return(default_branch)
end
context 'when project has no license' do
it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end
context 'when cluster is not active' do
context 'by default' do
it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
context 'when project has Ultimate license' do
let(:license) { build(:license, plan: License::ULTIMATE_PLAN) }
let(:cluster) { create(:cluster, :project, :provided_by_gcp, projects: [project]) }
before do
allow(License).to receive(:current).and_return(license)
end
context 'when DAST_WEBSITE is present' do
context 'by default' do
before do
create(:ci_variable, project: project, key: 'DAST_WEBSITE', value: 'http://example.com')
allow(cluster).to receive(:active?).and_return(true)
end
it 'includes dast job' do
it 'includes job' do
expect(build_names).to match_array(%w[dast])
end
end
context 'when DAST_API_SPECIFICATION is present' do
before do
create(:ci_variable, project: project, key: 'DAST_API_SPECIFICATION', value: 'http://my.api/api-specification.yml')
context 'when cluster is not active' do
context 'by default' do
it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end
it 'includes dast job' do
expect(build_names).to match_array(%w[dast])
end
end
end
context 'when DAST_WEBSITE is present' do
before do
create(:ci_variable, project: project, key: 'DAST_WEBSITE', value: 'http://example.com')
end
context 'when DAST_DISABLED=1' do
before do
allow(cluster).to receive(:active?).and_return(true)
it 'includes dast job' do
expect(build_names).to match_array(%w[dast])
end
end
create(:ci_variable, project: project, key: 'DAST_DISABLED', value: '1')
end
context 'when DAST_API_SPECIFICATION is present' do
before do
create(:ci_variable, project: project, key: 'DAST_API_SPECIFICATION', value: 'http://my.api/api-specification.yml')
end
it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
it 'includes dast job' do
expect(build_names).to match_array(%w[dast])
end
end
end
end
context 'when DAST_DISABLED_FOR_DEFAULT_BRANCH=1' do
before do
allow(cluster).to receive(:active?).and_return(true)
context 'when DAST_DISABLED=1' do
before do
allow(cluster).to receive(:active?).and_return(true)
create(:ci_variable, project: project, key: 'DAST_DISABLED_FOR_DEFAULT_BRANCH', value: '1')
end
create(:ci_variable, project: project, key: 'DAST_DISABLED', value: '1')
end
context 'when on default branch' do
it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end
context 'when on feature branch' do
let(:pipeline_branch) { 'patch-1' }
context 'when DAST_DISABLED_FOR_DEFAULT_BRANCH=1' do
before do
project.repository.create_branch(pipeline_branch)
allow(cluster).to receive(:active?).and_return(true)
create(:ci_variable, project: project, key: 'DAST_DISABLED_FOR_DEFAULT_BRANCH', value: '1')
end
it 'includes dast job' do
expect(build_names).to match_array(%w[dast])
context 'when on default branch' do
it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end
end
end
context 'when REVIEW_DISABLED=true' do
before do
allow(cluster).to receive(:active?).and_return(true)
context 'when on feature branch' do
let(:pipeline_branch) { 'patch-1' }
create(:ci_variable, project: project, key: 'REVIEW_DISABLED', value: 'true')
end
before do
project.repository.create_branch(pipeline_branch)
end
context 'when on default branch' do
it 'includes dast job' do
expect(build_names).to match_array(%w[dast])
it 'includes dast job' do
expect(build_names).to match_array(%w[dast])
end
end
end
context 'when on feature branch' do
let(:pipeline_branch) { 'patch-1' }
context 'when REVIEW_DISABLED=true' do
before do
project.repository.create_branch(pipeline_branch)
allow(cluster).to receive(:active?).and_return(true)
create(:ci_variable, project: project, key: 'REVIEW_DISABLED', value: 'true')
end
it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
context 'when on default branch' do
it 'includes dast job' do
expect(build_names).to match_array(%w[dast])
end
end
context 'when on feature branch' do
let(:pipeline_branch) { 'patch-1' }
before do
project.repository.create_branch(pipeline_branch)
end
it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end
end
end
......
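Review bot: In the 'when ci yaml is just template' context, the example under 'when project has no license' asserts only `expect(build_names).to be_empty`, which does not show why no job was created. If the missing `dast` stage is what empties the pipeline, the example passes with or without a license, so the context name misleads and a regression that silently drops the scan would look the same as the intended outcome. Consider naming the inner context after the missing stage and also asserting on the configuration error, for example `expect(pipeline.yaml_errors).to be_present`, assuming the pipeline is persisted with its validation error in this setup. A licensed variant of the same context would pin the behaviour for projects that are entitled to run DAST. The rendered page has lost its +/- markers, so this reading of the new side is inferred from the commit title.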
# To use this template, add the following to your .gitlab-ci.yml file:
#
# include:
# template: DAST.gitlab-ci.yml
#
# You also need to add a `dast` stage to your `stages:` configuration. A sample configuration for DAST:
#
# stages:
# - build
# - test
# - deploy
# - dast
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/
# Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
stages:
- build
- test
- deploy
- dast
variables:
DAST_VERSION: 2
# Setting this variable will affect all Security templates
......
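Review bot: The header comment says a `dast` stage must be added, but not what happens when it is missing. With the `stages:` block gone from the template, a project that includes it and relied on those stages presumably ends up with no DAST job after upgrading, and for a security scanner that outcome should be spelled out. I would add a line such as `# If the dast stage is missing, the DAST job is not created and no scan runs.`, worded to match whatever behaviour the DAST spec in this commit pins down. A bare `#` line between the sample `stages:` list and the "Read more" line would also keep the example visually separate from the links.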
......@@ -27,16 +27,17 @@ RSpec.describe 'CI YML Templates' do
end
context 'that support autodevops' do
non_autodevops_templates = [
'Security/DAST-API.gitlab-ci.yml',
'Security/API-Fuzzing.gitlab-ci.yml'
exceptions = [
'Security/DAST.gitlab-ci.yml', # DAST stage is defined inside AutoDevops yml
'Security/DAST-API.gitlab-ci.yml', # no auto-devops
'Security/API-Fuzzing.gitlab-ci.yml' # no auto-devops
]
context 'when including available templates in a CI YAML configuration' do
using RSpec::Parameterized::TableSyntax
where(:template_name) do
all_templates - excluded_templates - non_autodevops_templates
all_templates - excluded_templates - exceptions
end
with_them do
......