Commit 0bc59499 authored by Stan Hu

Merge branch 'upgrade-dast-template' into 'master'

Remove stages definitions from the DAST CI template

See merge request gitlab-org/gitlab!63822
parents 6d0519eb a3158aa5
...@@ -23,13 +23,15 @@ RSpec.describe "CI YML Templates" do ...@@ -23,13 +23,15 @@ RSpec.describe "CI YML Templates" do
end end
context 'that support autodevops' do context 'that support autodevops' do
non_autodevops_templates = [ exceptions = [
'Security/DAST-API.gitlab-ci.yml', 'Security/DAST.gitlab-ci.yml', # DAST stage is defined inside AutoDevops yml
'Security/API-Fuzzing.gitlab-ci.yml' 'Security/DAST-API.gitlab-ci.yml', # no auto-devops
'Security/API-Fuzzing.gitlab-ci.yml', # no auto-devops
'Terraform.gitlab-ci.yml'
] ]
where(:template_name) do where(:template_name) do
all_templates - non_autodevops_templates - ["Terraform.gitlab-ci.yml"] all_templates - exceptions
end end
with_them do with_them do
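Review bot: The renamed list `exceptions` is easy to misread as error classes in a Ruby spec, and its `'Terraform.gitlab-ci.yml'` entry is the only one without a trailing reason comment. A name that says what the list is for, e.g. `templates_excluded_from_autodevops_check`, would read better, and the Terraform entry should get a comment like the other three; the reason is not visible in this hunk, so it has to come from the author. The same `exceptions` name is introduced in the second 'CI YML Templates' spec further down the page. Because `Security/DAST.gitlab-ci.yml` now drops out of this parameterized check, it is worth confirming that the dedicated DAST template spec covers whatever this check verified for it; the `with_them` body lies outside the hunk, so that cannot be judged from here.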
......
...@@ -13,127 +13,152 @@ RSpec.describe 'DAST.gitlab-ci.yml' do ...@@ -13,127 +13,152 @@ RSpec.describe 'DAST.gitlab-ci.yml' do
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) } let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) }
let(:pipeline) { service.execute!(:push) } let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) } let(:build_names) { pipeline.builds.pluck(:name) }
let(:ci_pipeline_yaml) { "stages: [\"dast\"]\n" }
before do specify { expect(template).not_to be_nil }
stub_ci_pipeline_yaml_file(template.content)
allow_next_instance_of(Ci::BuildScheduleWorker) do |worker| context 'when ci yaml is just template' do
allow(worker).to receive(:perform).and_return(true) before do
stub_ci_pipeline_yaml_file(template.content)
allow_next_instance_of(Ci::BuildScheduleWorker) do |worker|
allow(worker).to receive(:perform).and_return(true)
end
allow(project).to receive(:default_branch).and_return(default_branch)
end end
allow(project).to receive(:default_branch).and_return(default_branch)
end
context 'when project has no license' do context 'when project has no license' do
it 'includes no jobs' do it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError) expect(build_names).to be_empty
end
end end
end end
context 'when project has Ultimate license' do context 'when stages includes dast' do
let(:license) { build(:license, plan: License::ULTIMATE_PLAN) }
let(:cluster) { create(:cluster, :project, :provided_by_gcp, projects: [project]) }
before do before do
allow(License).to receive(:current).and_return(license) stub_ci_pipeline_yaml_file(ci_pipeline_yaml + template.content)
end
context 'by default' do allow_next_instance_of(Ci::BuildScheduleWorker) do |worker|
before do allow(worker).to receive(:perform).and_return(true)
allow(cluster).to receive(:active?).and_return(true)
end end
it 'includes job' do allow(project).to receive(:default_branch).and_return(default_branch)
expect(build_names).to match_array(%w[dast]) end
context 'when project has no license' do
it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end end
end end
context 'when cluster is not active' do context 'when project has Ultimate license' do
context 'by default' do let(:license) { build(:license, plan: License::ULTIMATE_PLAN) }
it 'includes no jobs' do let(:cluster) { create(:cluster, :project, :provided_by_gcp, projects: [project]) }
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end before do
allow(License).to receive(:current).and_return(license)
end end
context 'when DAST_WEBSITE is present' do context 'by default' do
before do before do
create(:ci_variable, project: project, key: 'DAST_WEBSITE', value: 'http://example.com') allow(cluster).to receive(:active?).and_return(true)
end end
it 'includes dast job' do it 'includes job' do
expect(build_names).to match_array(%w[dast]) expect(build_names).to match_array(%w[dast])
end end
end end
context 'when DAST_API_SPECIFICATION is present' do context 'when cluster is not active' do
before do context 'by default' do
create(:ci_variable, project: project, key: 'DAST_API_SPECIFICATION', value: 'http://my.api/api-specification.yml') it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end end
it 'includes dast job' do context 'when DAST_WEBSITE is present' do
expect(build_names).to match_array(%w[dast]) before do
end create(:ci_variable, project: project, key: 'DAST_WEBSITE', value: 'http://example.com')
end end
end
context 'when DAST_DISABLED=1' do it 'includes dast job' do
before do expect(build_names).to match_array(%w[dast])
allow(cluster).to receive(:active?).and_return(true) end
end
create(:ci_variable, project: project, key: 'DAST_DISABLED', value: '1') context 'when DAST_API_SPECIFICATION is present' do
end before do
create(:ci_variable, project: project, key: 'DAST_API_SPECIFICATION', value: 'http://my.api/api-specification.yml')
end
it 'includes no jobs' do it 'includes dast job' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError) expect(build_names).to match_array(%w[dast])
end
end
end end
end
context 'when DAST_DISABLED_FOR_DEFAULT_BRANCH=1' do context 'when DAST_DISABLED=1' do
before do before do
allow(cluster).to receive(:active?).and_return(true) allow(cluster).to receive(:active?).and_return(true)
create(:ci_variable, project: project, key: 'DAST_DISABLED_FOR_DEFAULT_BRANCH', value: '1') create(:ci_variable, project: project, key: 'DAST_DISABLED', value: '1')
end end
context 'when on default branch' do
it 'includes no jobs' do it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError) expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end end
end end
context 'when on feature branch' do context 'when DAST_DISABLED_FOR_DEFAULT_BRANCH=1' do
let(:pipeline_branch) { 'patch-1' }
before do before do
project.repository.create_branch(pipeline_branch) allow(cluster).to receive(:active?).and_return(true)
create(:ci_variable, project: project, key: 'DAST_DISABLED_FOR_DEFAULT_BRANCH', value: '1')
end end
it 'includes dast job' do context 'when on default branch' do
expect(build_names).to match_array(%w[dast]) it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end end
end
end
context 'when REVIEW_DISABLED=true' do context 'when on feature branch' do
before do let(:pipeline_branch) { 'patch-1' }
allow(cluster).to receive(:active?).and_return(true)
create(:ci_variable, project: project, key: 'REVIEW_DISABLED', value: 'true') before do
end project.repository.create_branch(pipeline_branch)
end
context 'when on default branch' do it 'includes dast job' do
it 'includes dast job' do expect(build_names).to match_array(%w[dast])
expect(build_names).to match_array(%w[dast]) end
end end
end end
context 'when on feature branch' do context 'when REVIEW_DISABLED=true' do
let(:pipeline_branch) { 'patch-1' }
before do before do
project.repository.create_branch(pipeline_branch) allow(cluster).to receive(:active?).and_return(true)
create(:ci_variable, project: project, key: 'REVIEW_DISABLED', value: 'true')
end end
it 'includes no jobs' do context 'when on default branch' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError) it 'includes dast job' do
expect(build_names).to match_array(%w[dast])
end
end
context 'when on feature branch' do
let(:pipeline_branch) { 'patch-1' }
before do
project.repository.create_branch(pipeline_branch)
end
it 'includes no jobs' do
expect { pipeline }.to raise_error(Ci::CreatePipelineService::CreateError)
end
end end
end end
end end
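Review bot: In the new `when ci yaml is just template` context, `expect(build_names).to be_empty` passes for any reason the pipeline ends up without builds, so it does not pin the behaviour this commit introduces. With the `stages:` block removed from the template, a project that includes it without declaring a `dast` stage presumably gets a pipeline with a configuration error instead of a scan, and a security job that is silently absent is exactly the case the test should make visible. I would rename the example to say so (as far as the hunk shows, the `when project has no license` wrapper is not what drives the result) and add an assertion on the reported error, e.g. `expect(pipeline.yaml_errors).to be_present`, after checking the exact message. The `before` setup is also repeated in both contexts and could be shared, with only the `stub_ci_pipeline_yaml_file` argument differing.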
......
# To use this template, add the following to your .gitlab-ci.yml file:
#
# include:
# template: DAST.gitlab-ci.yml
#
# You also need to add a `dast` stage to your `stages:` configuration. A sample configuration for DAST:
#
# stages:
# - build
# - test
# - deploy
# - dast
# Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/ # Read more about this feature here: https://docs.gitlab.com/ee/user/application_security/dast/
# Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html). # Configure DAST with CI/CD variables (https://docs.gitlab.com/ee/ci/variables/README.html).
# List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables # List of available variables: https://docs.gitlab.com/ee/user/application_security/dast/#available-variables
stages:
- build
- test
- deploy
- dast
variables: variables:
DAST_VERSION: 2 DAST_VERSION: 2
# Setting this variable will affect all Security templates # Setting this variable will affect all Security templates
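Review bot: The new header comment says a `dast` stage is needed but not what happens when it is missing, and this is a behaviour change for projects that included the template and relied on its `stages:` block. GitLab's default stages do not include `dast`, so such a project would, as far as I can tell, stop getting a DAST job until its own `stages:` list is updated; the job definition is outside the visible lines, so this assumes the job still uses the `dast` stage. I would add a line such as `# If no dast stage is defined, the DAST job will not run.` (wording to be confirmed against the actual pipeline behaviour) and a bare `#` line before `# Read more about this feature here:` so the sample stages list does not run into the links.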
......
...@@ -27,16 +27,17 @@ RSpec.describe 'CI YML Templates' do ...@@ -27,16 +27,17 @@ RSpec.describe 'CI YML Templates' do
end end
context 'that support autodevops' do context 'that support autodevops' do
non_autodevops_templates = [ exceptions = [
'Security/DAST-API.gitlab-ci.yml', 'Security/DAST.gitlab-ci.yml', # DAST stage is defined inside AutoDevops yml
'Security/API-Fuzzing.gitlab-ci.yml' 'Security/DAST-API.gitlab-ci.yml', # no auto-devops
'Security/API-Fuzzing.gitlab-ci.yml' # no auto-devops
] ]
context 'when including available templates in a CI YAML configuration' do context 'when including available templates in a CI YAML configuration' do
using RSpec::Parameterized::TableSyntax using RSpec::Parameterized::TableSyntax
where(:template_name) do where(:template_name) do
all_templates - excluded_templates - non_autodevops_templates all_templates - excluded_templates - exceptions
end end
with_them do with_them do
......