Commit 13d059fa authored by Sean McGivern's avatar Sean McGivern

Merge branch '247490-vuln-blocked-pipeline-in-security-dashboard' into 'master'

Extend the state transition that initiates creation of vulnerabilities in the database to the blocked pipeline state

See merge request gitlab-org/gitlab!56779
parents 8b3f42f9 f9f56b76
......@@ -43,6 +43,14 @@ module Ci
def completed_statuses
COMPLETED_STATUSES.map(&:to_sym)
end
def blocked_statuses
BLOCKED_STATUS.map(&:to_sym)
end
def completed_and_blocked_statuses
completed_statuses + blocked_statuses
end
end
included do
......
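Review bot: `blocked_statuses` and `completed_and_blocked_statuses` are added without any comment, and the combined name puts two different kinds of state into one list. Going by the spec added in this commit, the blocked entries are `:manual` and `:scheduled`, which presumably are not final states the way the completed ones are. I would add a comment above the combined method, for example `# Completed statuses plus :manual/:scheduled; blocked pipelines may still resume, so do not treat this list as terminal.` The constant is spelled `BLOCKED_STATUS` beside `COMPLETED_STATUSES`; it looks to be defined outside this hunk, as is the start of the enclosing block, so the naming is only a follow-up.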
......@@ -52,7 +52,7 @@ module EE
}.freeze
state_machine :status do
after_transition any => ::Ci::Pipeline.completed_statuses do |pipeline|
after_transition any => ::Ci::Pipeline.completed_and_blocked_statuses do |pipeline|
next unless pipeline.can_store_security_reports?
pipeline.run_after_commit do
......
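Review bot: The callback on `after_transition any => ::Ci::Pipeline.completed_and_blocked_statuses` can now fire more than once for the same pipeline, because a pipeline that enters a blocked state can presumably be resumed and later reach a completed status. The workers scheduled inside `run_after_commit` (its body lies outside this hunk) therefore need to be idempotent. A report stored at the blocked point may also cover only the jobs that ran before the manual or delayed step, so it is worth confirming that ingestion does not mark earlier findings as no longer detected just because a later scan job has not run yet. I would add a comment on the transition line such as `# Also fires on :manual/:scheduled and may fire again on completion; scheduled workers must be idempotent.` and a spec that drives one pipeline through `:block` and then `:succeed`.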
---
title: Extend state transition that initiate creation of vulnerabilities in database
to blocked pipeline state
merge_request: 56779
author:
type: added
......@@ -164,63 +164,69 @@ RSpec.describe Ci::Pipeline do
end
end
describe 'Store security reports worker' do
shared_examples_for 'storing the security reports' do |transition|
let(:default_branch) { pipeline.ref }
shared_examples_for 'storing the security reports' do |transition|
let(:default_branch) { pipeline.ref }
subject(:transition_pipeline) { pipeline.update!(status_event: transition) }
subject(:transition_pipeline) { pipeline.update!(status_event: transition) }
before do
allow(StoreSecurityReportsWorker).to receive(:perform_async)
allow(project).to receive(:default_branch).and_return(default_branch)
allow(pipeline).to receive(:can_store_security_reports?).and_return(can_store_security_reports)
end
before do
allow(StoreSecurityReportsWorker).to receive(:perform_async)
allow(::Security::StoreScansWorker).to receive(:perform_async)
allow(SyncSecurityReportsToReportApprovalRulesWorker).to receive(:perform_async)
allow(project).to receive(:default_branch).and_return(default_branch)
allow(pipeline).to receive(:can_store_security_reports?).and_return(can_store_security_reports)
end
context 'when the security reports can be stored for the pipeline' do
let(:can_store_security_reports) { true }
context 'when the security reports can be stored for the pipeline' do
let(:can_store_security_reports) { true }
context 'when the ref is the default branch of project' do
it 'schedules store security report worker' do
transition_pipeline
context 'when the ref is the default branch of project' do
it 'schedules relevant workers', :aggregate_failures do
transition_pipeline
expect(StoreSecurityReportsWorker).to have_received(:perform_async).with(pipeline.id)
end
expect(StoreSecurityReportsWorker).to have_received(:perform_async).with(pipeline.id)
expect(::Security::StoreScansWorker).to have_received(:perform_async).with(pipeline.id)
expect(SyncSecurityReportsToReportApprovalRulesWorker).to have_received(:perform_async).with(pipeline.id)
end
end
context 'when the ref is not the default branch of project' do
let(:default_branch) { 'another_branch' }
context 'when the ref is not the default branch of project' do
let(:default_branch) { 'another_branch' }
it 'does not schedule store security report worker' do
transition_pipeline
it 'does not schedule store security report worker' do
transition_pipeline
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
end
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
end
end
end
context 'when the security reports can not be stored for the pipeline' do
let(:can_store_security_reports) { false }
context 'when the security reports can not be stored for the pipeline' do
let(:can_store_security_reports) { false }
context 'when the ref is the default branch of project' do
it 'does not schedule store security report worker' do
transition_pipeline
context 'when the ref is the default branch of project', :aggregate_failures do
it 'does not relevant workers' do
transition_pipeline
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
end
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
expect(::Security::StoreScansWorker).not_to have_received(:perform_async)
expect(SyncSecurityReportsToReportApprovalRulesWorker).not_to have_received(:perform_async)
end
end
context 'when the ref is not the default branch of project' do
let(:default_branch) { 'another_branch' }
context 'when the ref is not the default branch of project' do
let(:default_branch) { 'another_branch' }
it 'does not schedule store security report worker' do
transition_pipeline
it 'does not schedule store security report worker' do
transition_pipeline
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
end
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
end
end
end
end
describe 'schedules security report related workers' do
context 'when pipeline is succeeded' do
it_behaves_like 'storing the security reports', :succeed
end
......@@ -236,6 +242,10 @@ RSpec.describe Ci::Pipeline do
context 'when pipeline is canceled' do
it_behaves_like 'storing the security reports', :cancel
end
context 'when pipeline is blocked' do
it_behaves_like 'storing the security reports', :block
end
end
describe '#license_scanning_reports' do
......
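Review bot: In the 'can not be stored' branch of the shared examples the `:aggregate_failures` tag is placed on the `context` and the example is titled `'does not relevant workers'`, which drops the verb and differs from the positive case where the tag sits on the `it`. I would write `context 'when the ref is the default branch of project' do` followed by `it 'does not schedule relevant workers', :aggregate_failures do`. The two 'not the default branch' examples still assert only on `StoreSecurityReportsWorker`, although the `before` block now stubs `::Security::StoreScansWorker` and `SyncSecurityReportsToReportApprovalRulesWorker` as well. An explicit expectation for those two would pin whether they are meant to run regardless of branch. The new `:block` context exercises a single transition only, so nothing here covers a blocked pipeline that later completes.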
......@@ -197,6 +197,12 @@ RSpec.describe Ci::HasStatus do
end
end
describe '.completed_and_blocked_statuses' do
subject { Ci::Pipeline.completed_and_blocked_statuses }
it { is_expected.to eq [:success, :failed, :canceled, :skipped, :manual, :scheduled] }
end
context 'for scope with one status' do
shared_examples 'having a job' do |status|
%i[ci_build generic_commit_status].each do |type|
......