Merge branch 'token_revoke_public_project' into 'master'

Allow token revocation for public projects only

See merge request gitlab-org/gitlab!53734

ee/app/workers/store_security_reports_worker.rb

@@ -27,6 +27,7 @@ class StoreSecurityReportsWorker # rubocop:disable Scalability/IdempotentWorker
 
   def revoke_secret_detection_token?(pipeline)
     pipeline.present? &&
+      pipeline.project.public? &&
       ::Gitlab::CurrentSettings.secret_detection_token_revocation_enabled? &&
       secret_detection_vulnerability_found?(pipeline)
   end

ee/changelogs/unreleased/token_revoke_public_project.yml

+---
+title: Allow token revocation for public projects only
+merge_request: 53734
+author:
+type: changed

ee/spec/workers/store_security_reports_worker_spec.rb

@@ -18,18 +18,17 @@ RSpec.describe StoreSecurityReportsWorker do
   describe '#revoke_secret_detection_token?' do
     using RSpec::Parameterized::TableSyntax
 
-    where(:pipeline, :token_revocation_enabled, :secret_detection_vulnerability_found, :expected_result) do
-      Object.new  | true  | true  | true
-      Object.new  | true  | false | false
-      Object.new  | false | true  | false
-      Object.new  | false | false | false
-      nil         | true  | true  | false
-      nil         | true  | false | false
-      nil         | false | true  | false
-      nil         | false | false | false
+    where(:visibility, :token_revocation_enabled, :secret_detection_vulnerability_found) do
+      booleans = [true, true, false, false].permutation(2).to_a.uniq
+      [:public, :private, nil].flat_map do |vis|
+        booleans.map { |bools| [vis, *bools] }
+      end
     end
 
     with_them do
+      let(:pipeline) { build(:ci_pipeline, project: build(:project, :repository, visibility)) if visibility }
+      let(:expected_result) { [visibility, token_revocation_enabled, secret_detection_vulnerability_found] == [:public, true, true] }
+
       before do
         stub_application_setting(secret_detection_token_revocation_enabled: token_revocation_enabled)