Change the place we schedule the `StoreSecurityReportsWorker`

This is necessary as we are going to check if there were any errors
related to the security scans before ingesting the vulnerabilities into
the system.

ee/app/models/ee/ci/pipeline.rb

@@ -63,7 +63,6 @@ module EE
             next unless pipeline.can_store_security_reports?
 
             pipeline.run_after_commit do
-              StoreSecurityReportsWorker.perform_async(pipeline.id) if pipeline.default_branch?
               ::Security::StoreScansWorker.perform_async(pipeline.id)
             end
           end

ee/app/services/security/store_scans_service.rb

@@ -12,6 +12,8 @@ module Security
 
     def execute
       grouped_report_artifacts.each { |artifacts| StoreGroupedScansService.execute(artifacts) }
+
+      schedule_store_reports_worker
     end
 
     private
@@ -31,5 +33,9 @@ module Security
     def parse_report_file?(file_type)
       project.feature_available?(Ci::Build::LICENSED_PARSER_FEATURES.fetch(file_type))
     end
+
+    def schedule_store_reports_worker
+      StoreSecurityReportsWorker.perform_async(pipeline.id) if pipeline.default_branch?
+    end
   end
 end

ee/spec/models/ci/pipeline_spec.rb

@@ -172,77 +172,50 @@ RSpec.describe Ci::Pipeline do
     end
   end
 
-  describe 'Store security reports worker' do
-    shared_examples_for 'storing the security reports' do |transition|
-      let(:default_branch) { pipeline.ref }
-
+  describe '::Security::StoreScansWorker' do
+    shared_examples_for 'storing the security scans' do |transition|
       subject(:transition_pipeline) { pipeline.update!(status_event: transition) }
 
       before do
-        allow(StoreSecurityReportsWorker).to receive(:perform_async)
-        allow(project).to receive(:default_branch).and_return(default_branch)
+        allow(::Security::StoreScansWorker).to receive(:perform_async)
         allow(pipeline).to receive(:can_store_security_reports?).and_return(can_store_security_reports)
       end
 
-      context 'when the security reports can be stored for the pipeline' do
+      context 'when the security scans can be stored for the pipeline' do
         let(:can_store_security_reports) { true }
 
-        context 'when the ref is the default branch of project' do
-          it 'schedules store security report worker' do
-            transition_pipeline
-
-            expect(StoreSecurityReportsWorker).to have_received(:perform_async).with(pipeline.id)
-          end
-        end
+        it 'schedules store security scans job' do
+          transition_pipeline
 
-        context 'when the ref is not the default branch of project' do
-          let(:default_branch) { 'another_branch' }
-
-          it 'does not schedule store security report worker' do
-            transition_pipeline
-
-            expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
-          end
+          expect(::Security::StoreScansWorker).to have_received(:perform_async).with(pipeline.id)
         end
       end
 
-      context 'when the security reports can not be stored for the pipeline' do
+      context 'when the security scans can not be stored for the pipeline' do
         let(:can_store_security_reports) { false }
 
-        context 'when the ref is the default branch of project' do
-          it 'does not schedule store security report worker' do
-            transition_pipeline
+        it 'does not schedule store security scans job' do
+          transition_pipeline
 
-            expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
-          end
-        end
-
-        context 'when the ref is not the default branch of project' do
-          let(:default_branch) { 'another_branch' }
-
-          it 'does not schedule store security report worker' do
-            transition_pipeline
-
-            expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
-          end
+          expect(::Security::StoreScansWorker).not_to have_received(:perform_async)
         end
       end
     end
 
     context 'when pipeline is succeeded' do
-      it_behaves_like 'storing the security reports', :succeed
+      it_behaves_like 'storing the security scans', :succeed
     end
 
     context 'when pipeline is dropped' do
-      it_behaves_like 'storing the security reports', :drop
+      it_behaves_like 'storing the security scans', :drop
     end
 
     context 'when pipeline is skipped' do
-      it_behaves_like 'storing the security reports', :skip
+      it_behaves_like 'storing the security scans', :skip
     end
 
     context 'when pipeline is canceled' do
-      it_behaves_like 'storing the security reports', :cancel
+      it_behaves_like 'storing the security scans', :cancel
     end
   end
 

ee/spec/services/security/store_scans_service_spec.rb

@@ -33,7 +33,9 @@ RSpec.describe Security::StoreScansService do
     subject(:store_group_of_artifacts) { service_object.execute }
 
     before do
+      allow(StoreSecurityReportsWorker).to receive(:perform_async)
       allow(Security::StoreGroupedScansService).to receive(:execute)
+
       stub_licensed_features(sast: true, dast: false)
     end
 
@@ -43,5 +45,29 @@ RSpec.describe Security::StoreScansService do
       expect(Security::StoreGroupedScansService).to have_received(:execute).with([sast_artifact])
       expect(Security::StoreGroupedScansService).not_to have_received(:execute).with([dast_artifact])
     end
+
+    context 'when the pipeline is for the default branch' do
+      before do
+        allow(pipeline).to receive(:default_branch?).and_return(true)
+      end
+
+      it 'schedules the `StoreSecurityReportsWorker`' do
+        store_group_of_artifacts
+
+        expect(StoreSecurityReportsWorker).to have_received(:perform_async).with(pipeline.id)
+      end
+    end
+
+    context 'when the pipeline is not for the default branch' do
+      before do
+        allow(pipeline).to receive(:default_branch?).and_return(false)
+      end
+
+      it 'does not schedule the `StoreSecurityReportsWorker`' do
+        store_group_of_artifacts
+
+        expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
+      end
+    end
   end
 end