Commit 8315f824 authored by Mehmet Emin INAC's avatar Mehmet Emin INAC

Change the place we schedule the `StoreSecurityReportsWorker`

This is necessary as we are going to check if there were any errors
related to the security scans before ingesting the vulnerabilities into
the system.
parent 91b16296
...@@ -63,7 +63,6 @@ module EE ...@@ -63,7 +63,6 @@ module EE
next unless pipeline.can_store_security_reports? next unless pipeline.can_store_security_reports?
pipeline.run_after_commit do pipeline.run_after_commit do
StoreSecurityReportsWorker.perform_async(pipeline.id) if pipeline.default_branch?
::Security::StoreScansWorker.perform_async(pipeline.id) ::Security::StoreScansWorker.perform_async(pipeline.id)
end end
end end
......
...@@ -12,6 +12,8 @@ module Security ...@@ -12,6 +12,8 @@ module Security
def execute def execute
grouped_report_artifacts.each { |artifacts| StoreGroupedScansService.execute(artifacts) } grouped_report_artifacts.each { |artifacts| StoreGroupedScansService.execute(artifacts) }
schedule_store_reports_worker
end end
private private
...@@ -31,5 +33,9 @@ module Security ...@@ -31,5 +33,9 @@ module Security
def parse_report_file?(file_type) def parse_report_file?(file_type)
project.feature_available?(Ci::Build::LICENSED_PARSER_FEATURES.fetch(file_type)) project.feature_available?(Ci::Build::LICENSED_PARSER_FEATURES.fetch(file_type))
end end
def schedule_store_reports_worker
StoreSecurityReportsWorker.perform_async(pipeline.id) if pipeline.default_branch?
end
end end
end end
...@@ -172,77 +172,50 @@ RSpec.describe Ci::Pipeline do ...@@ -172,77 +172,50 @@ RSpec.describe Ci::Pipeline do
end end
end end
describe 'Store security reports worker' do describe '::Security::StoreScansWorker' do
shared_examples_for 'storing the security reports' do |transition| shared_examples_for 'storing the security scans' do |transition|
let(:default_branch) { pipeline.ref }
subject(:transition_pipeline) { pipeline.update!(status_event: transition) } subject(:transition_pipeline) { pipeline.update!(status_event: transition) }
before do before do
allow(StoreSecurityReportsWorker).to receive(:perform_async) allow(::Security::StoreScansWorker).to receive(:perform_async)
allow(project).to receive(:default_branch).and_return(default_branch)
allow(pipeline).to receive(:can_store_security_reports?).and_return(can_store_security_reports) allow(pipeline).to receive(:can_store_security_reports?).and_return(can_store_security_reports)
end end
context 'when the security reports can be stored for the pipeline' do context 'when the security scans can be stored for the pipeline' do
let(:can_store_security_reports) { true } let(:can_store_security_reports) { true }
context 'when the ref is the default branch of project' do it 'schedules store security scans job' do
it 'schedules store security report worker' do transition_pipeline
transition_pipeline
expect(StoreSecurityReportsWorker).to have_received(:perform_async).with(pipeline.id)
end
end
context 'when the ref is not the default branch of project' do expect(::Security::StoreScansWorker).to have_received(:perform_async).with(pipeline.id)
let(:default_branch) { 'another_branch' }
it 'does not schedule store security report worker' do
transition_pipeline
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
end
end end
end end
context 'when the security reports can not be stored for the pipeline' do context 'when the security scans can not be stored for the pipeline' do
let(:can_store_security_reports) { false } let(:can_store_security_reports) { false }
context 'when the ref is the default branch of project' do it 'does not schedule store security scans job' do
it 'does not schedule store security report worker' do transition_pipeline
transition_pipeline
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async) expect(::Security::StoreScansWorker).not_to have_received(:perform_async)
end
end
context 'when the ref is not the default branch of project' do
let(:default_branch) { 'another_branch' }
it 'does not schedule store security report worker' do
transition_pipeline
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
end
end end
end end
end end
context 'when pipeline is succeeded' do context 'when pipeline is succeeded' do
it_behaves_like 'storing the security reports', :succeed it_behaves_like 'storing the security scans', :succeed
end end
context 'when pipeline is dropped' do context 'when pipeline is dropped' do
it_behaves_like 'storing the security reports', :drop it_behaves_like 'storing the security scans', :drop
end end
context 'when pipeline is skipped' do context 'when pipeline is skipped' do
it_behaves_like 'storing the security reports', :skip it_behaves_like 'storing the security scans', :skip
end end
context 'when pipeline is canceled' do context 'when pipeline is canceled' do
it_behaves_like 'storing the security reports', :cancel it_behaves_like 'storing the security scans', :cancel
end end
end end
......
...@@ -33,7 +33,9 @@ RSpec.describe Security::StoreScansService do ...@@ -33,7 +33,9 @@ RSpec.describe Security::StoreScansService do
subject(:store_group_of_artifacts) { service_object.execute } subject(:store_group_of_artifacts) { service_object.execute }
before do before do
allow(StoreSecurityReportsWorker).to receive(:perform_async)
allow(Security::StoreGroupedScansService).to receive(:execute) allow(Security::StoreGroupedScansService).to receive(:execute)
stub_licensed_features(sast: true, dast: false) stub_licensed_features(sast: true, dast: false)
end end
...@@ -43,5 +45,29 @@ RSpec.describe Security::StoreScansService do ...@@ -43,5 +45,29 @@ RSpec.describe Security::StoreScansService do
expect(Security::StoreGroupedScansService).to have_received(:execute).with([sast_artifact]) expect(Security::StoreGroupedScansService).to have_received(:execute).with([sast_artifact])
expect(Security::StoreGroupedScansService).not_to have_received(:execute).with([dast_artifact]) expect(Security::StoreGroupedScansService).not_to have_received(:execute).with([dast_artifact])
end end
context 'when the pipeline is for the default branch' do
before do
allow(pipeline).to receive(:default_branch?).and_return(true)
end
it 'schedules the `StoreSecurityReportsWorker`' do
store_group_of_artifacts
expect(StoreSecurityReportsWorker).to have_received(:perform_async).with(pipeline.id)
end
end
context 'when the pipeline is not for the default branch' do
before do
allow(pipeline).to receive(:default_branch?).and_return(false)
end
it 'does not schedule the `StoreSecurityReportsWorker`' do
store_group_of_artifacts
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
end
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment