Add `latest` column into `security_scans` table

We need to store the `latest` information in the `security_scans` table as we can't join to the `ci_builds` table anymore. Changelog: added

Add `latest` column into `security_scans` table
We need to store the `latest` information in the `security_scans` table as we can't join to the `ci_builds` table anymore. Changelog: added
794d1c2f · Mehmet Emin INAC · cc14366f · 794d1c2f · 794d1c2f · 794d1c2f
Commit 794d1c2f authored Sep 02, 2021 by Mehmet Emin INAC
5 changed files
--- a/db/migrate/20210902171406_add_latest_column_into_the_security_scans_table.rb
+++ b/db/migrate/20210902171406_add_latest_column_into_the_security_scans_table.rb
+# frozen_string_literal: true
+
+class AddLatestColumnIntoTheSecurityScansTable < Gitlab::Database::Migration[1.0]
+  def up
+    with_lock_retries do
+      add_column :security_scans, :latest, :boolean, default: true, null: false
+    end
+  end
+
+  def down
+    with_lock_retries do
+      remove_column :security_scans, :latest
+    end
+  end
+end
--- a/db/schema_migrations/20210902171406
+++ b/db/schema_migrations/20210902171406
+d7be9a34d626e507add67f407a6fa0b45f16b244e8ebeeb071debc538fa25b49
\ No newline at end of file
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -18242,7 +18242,8 @@ CREATE TABLE security_scans (
    scan_type smallint NOT NULL,
    info jsonb DEFAULT '{}'::jsonb NOT NULL,
    project_id bigint,
-    pipeline_id bigint
+    pipeline_id bigint,
+    latest boolean DEFAULT true NOT NULL
 );

 CREATE SEQUENCE security_scans_id_seq
--- a/ee/app/services/security/store_scan_service.rb
+++ b/ee/app/services/security/store_scan_service.rb
@@ -19,12 +19,11 @@ module Security
    end

    def execute
-      return deduplicate if security_scan.has_errors?
+      set_security_scan_non_latest! if artifact.job.retried?

-      StoreFindingsMetadataService.execute(security_scan, security_report)
-      deduplicate_findings? ? update_deduplicated_findings : register_finding_keys
+      return deduplicate if security_scan.has_errors? || !security_scan.latest?

-      deduplicate_findings?
+      store_findings
    end

    private
@@ -48,6 +47,17 @@ module Security
      end
    end

+    def store_findings
+      StoreFindingsMetadataService.execute(security_scan, security_report)
+      deduplicate_findings? ? update_deduplicated_findings : register_finding_keys
+
+      deduplicate_findings?
+    end
+
+    def set_security_scan_non_latest!
+      security_scan.update!(latest: false)
+    end
+
    def deduplicate_findings?
      deduplicate || security_scan.saved_changes?
    end

--- a/ee/spec/services/security/store_scan_service_spec.rb
+++ b/ee/spec/services/security/store_scan_service_spec.rb
@@ -3,7 +3,7 @@
 require 'spec_helper'

 RSpec.describe Security::StoreScanService do
-  let_it_be(:artifact) { create(:ee_ci_job_artifact, :sast) }
+  let_it_be_with_refind(:artifact) { create(:ee_ci_job_artifact, :sast) }

  let(:known_keys) { Set.new }

@@ -96,6 +96,18 @@ RSpec.describe Security::StoreScanService do
      end
    end

+    context 'when the report is produced by a retried job' do
+      before do
+        artifact.job.update!(retried: true)
+      end
+
+      it 'does not call the `Security::StoreFindingsMetadataService` and sets the security scan as non latest' do
+        expect { store_scan }.to change { Security::Scan.where(latest: false).count }.by(1)
+
+        expect(Security::StoreFindingsMetadataService).not_to have_received(:execute)
+      end
+    end
+
    context 'when the report does not have any errors' do
      before do
        artifact.security_report.errors.clear