Commit 2ea03c29 authored by Tetiana Chupryna's avatar Tetiana Chupryna Committed by Shinya Maeda

Create auto_fix label

We need to assign a special label to identify the bot's MRs
parent cb1a7626
...@@ -234,6 +234,7 @@ module EE ...@@ -234,6 +234,7 @@ module EE
enable :push_code enable :push_code
enable :create_merge_request_from enable :create_merge_request_from
enable :create_vulnerability_feedback enable :create_vulnerability_feedback
enable :admin_merge_request
end end
rule { issues_disabled & merge_requests_disabled }.policy do rule { issues_disabled & merge_requests_disabled }.policy do
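Review bot: The added `enable :admin_merge_request` line gives the security bot a broader ability than the label assignment this commit needs, and nothing in the rule records why. Judging by its name, the ability also covers other merge request metadata, so every code path that runs as the bot inherits it (inferred; the rest of the policy is outside this hunk). If no narrower ability is available, a comment above the line would document the intent, e.g. `# needed so the bot can label its own auto-fix MRs (Security::AutoFixService)`. The enclosing rule block starts outside the hunk.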
......
# frozen_string_literal: true
module Security
class AutoFixLabelService < BaseContainerService
LABEL_PROPERTIES = {
title: 'GitLab-auto-fix',
color: '#FF8167',
description: <<~DESCRIPTION.chomp
Merge Requests created automatically by @GitLab-Security-Bot \
as a remediation of a security vulnerability
DESCRIPTION
}.freeze
def initialize(container:, current_user: nil, params: {})
super
@project = container
end
def execute
label = ::Labels::FindOrCreateService
.new(current_user, project, **LABEL_PROPERTIES)
.execute(skip_authorization: true)
ServiceResponse.success(payload: { label: label })
end
private
attr_reader :project
end
end
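Review bot: `execute` passes `skip_authorization: true`, so the label is created whoever `current_user` is, including the `nil` default in `initialize`, and no comment says the bypass is deliberate. A comment above the call would stop later callers from reusing the service with a user-supplied actor, e.g. `# Authorization is skipped on purpose: only the security bot calls this service`. `execute` also always returns `ServiceResponse.success`. If the find-or-create call can return an unsaved label (not visible here), returning an error response unless `label.persisted?` would keep the caller from passing a nil id on.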
...@@ -18,7 +18,12 @@ module Security ...@@ -18,7 +18,12 @@ module Security
next unless vulnerability.remediations next unless vulnerability.remediations
result = VulnerabilityFeedback::CreateService.new(project, User.security_bot, service_params(vulnerability)).execute result = VulnerabilityFeedback::CreateService.new(project, User.security_bot, service_params(vulnerability)).execute
processed_vuln_ids.push vulnerability.id if result[:status] == :success
if result[:status] == :success
assign_label(result[:vulnerability_feedback].merge_request)
processed_vuln_ids.push vulnerability.id
end
end end
if processed_vuln_ids.any? if processed_vuln_ids.any?
...@@ -36,6 +41,18 @@ module Security ...@@ -36,6 +41,18 @@ module Security
project.security_setting.auto_fix_enabled_types project.security_setting.auto_fix_enabled_types
end end
def assign_label(merge_request)
::MergeRequests::UpdateService.new(project, User.security_bot, add_label_ids: [label.id])
.execute(merge_request)
end
def label
return @label if @label
service = ::Security::AutoFixLabelService.new(container: project, current_user: User.security_bot).execute
@label = service.payload[:label]
end
def service_params(vulnerability) def service_params(vulnerability)
{ {
feedback_type: :merge_request, feedback_type: :merge_request,
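Review bot: `assign_label` runs before `processed_vuln_ids.push vulnerability.id` and its result is discarded, so a labelling failure is either silent or, if `MergeRequests::UpdateService` raises, leaves an already created merge request out of `processed_vuln_ids`. Putting `processed_vuln_ids.push vulnerability.id` first ties the bookkeeping to the merge request creation, and checking the update result would make a missing label visible. A project label can usually be applied by other members as well, so the label works as a filter while the merge request author remains the reliable sign that the bot opened it. `service_params` continues outside the hunk.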
......
...@@ -557,6 +557,7 @@ RSpec.describe ProjectPolicy do ...@@ -557,6 +557,7 @@ RSpec.describe ProjectPolicy do
create_merge_request_in create_merge_request_in
create_vulnerability_feedback create_vulnerability_feedback
read_project read_project
admin_merge_request
) )
end end
......
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Security::AutoFixLabelService do
describe '#execute' do
subject(:execute) { described_class.new(container: project, current_user: bot).execute }
let_it_be(:project) { create(:project) }
let_it_be(:bot) { create(:user, :security_bot) }
let(:label_attributes) { described_class::LABEL_PROPERTIES }
let(:title) { label_attributes[:title] }
let(:color) { label_attributes[:color] }
let(:description) { label_attributes[:description] }
context 'when label exists' do
let!(:label) { create(:label, project: project, title: title) }
it 'finds existing label' do
result = execute
expect(result).to be_success
expect(execute.payload).to eq(label: label)
end
end
context 'when label does not exists' do
it 'creates a new label' do
result = execute
label = result.payload[:label]
expect(result).to be_success
expect(label.title).to eq(title)
expect(label.color).to eq(color)
expect(label.description).to eq(description)
end
end
end
end
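Review bot: Neither context exercises the `skip_authorization: true` path the service relies on, because `bot` is the only actor used, so the spec does not show whether the bypass is what makes label creation succeed. A context with `current_user: nil` (the initializer default) or a user without access to `project` would pin the intended behaviour. In 'finds existing label' the second expectation reads `execute.payload` while the first uses `result`; `expect(result.payload).to eq(label: label)` would be consistent.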
...@@ -57,6 +57,15 @@ RSpec.describe Security::AutoFixService do ...@@ -57,6 +57,15 @@ RSpec.describe Security::AutoFixService do
expect(merge_request.description).to include("[#{identifier.external_id}](#{identifier.url})") expect(merge_request.description).to include("[#{identifier.external_id}](#{identifier.url})")
end end
it 'assign auto-fix label' do
execute_service
label = MergeRequest.last.labels.last
title = ::Security::AutoFixLabelService::LABEL_PROPERTIES[:title]
expect(label.title).to eq(title)
end
context 'when merge request exists' do context 'when merge request exists' do
let(:feedback) { create(:vulnerability_feedback, :merge_request) } let(:feedback) { create(:vulnerability_feedback, :merge_request) }
......