Merge branch '9192-secure-e2e-tests-merge-request' into 'master'

Added E2E test for vulnerability reports within MRs

Closes #9192

See merge request gitlab-org/gitlab-ee!14847

ee/app/assets/javascripts/vue_shared/security_reports/grouped_security_reports_app.vue

@@ -271,6 +271,7 @@ export default {
     :error-text="groupedSummaryText"
     :has-issues="true"
     class="mr-widget-border-top grouped-security-reports mr-report"
+    data-qa-selector="vulnerability_report_grouped"
   >
     <div v-if="pipelinePath" slot="actionButtons">
       <a

qa/qa/ee/page/merge_request/show.rb

@@ -37,6 +37,10 @@ module QA
                 element :approver_list
               end
 
+              view 'ee/app/assets/javascripts/vue_shared/security_reports/grouped_security_reports_app.vue' do
+                element :vulnerability_report_grouped
+              end
+
               def start_review
                 click_element :start_review
               end
@@ -73,6 +77,18 @@ module QA
                   all_elements(:approver).map { |item| item.find('img')['title'] }
                 end
               end
+
+              def has_vulnerability_report?(timeout: 60)
+                wait(reload: true, max: timeout, interval: 1) do
+                  finished_loading?
+                  has_element?(:vulnerability_report_grouped, wait: 1)
+                end
+              end
+
+              def has_detected_vulnerability_count_of?(expected)
+                # Match text cut off in order to find both "1 vulnerability" and "X vulnerabilities"
+                find_element(:vulnerability_report_grouped).has_content?("detected #{expected} vulnerabilit")
+              end
             end
           end
         end

qa/qa/specs/features/ee/browser_ui/secure/create_merge_request_with_secure_spec.rb

+# frozen_string_literal: true
+
+require 'pathname'
+
+module QA
+  context 'Secure', :docker do
+    describe 'Security Reports in a Merge Request' do
+      after do
+        Service::Runner.new(@executor).remove!
+      end
+
+      before do
+        @executor = "qa-runner-#{Time.now.to_i}"
+
+        Runtime::Browser.visit(:gitlab, Page::Main::Login)
+        Page::Main::Login.perform(&:sign_in_using_credentials)
+
+        @project = Resource::Project.fabricate_via_api! do |p|
+          p.name = Runtime::Env.auto_devops_project_name || 'project-with-secure'
+          p.description = 'Project with Secure'
+          p.initialize_with_readme = true
+        end
+
+        Resource::Runner.fabricate! do |runner|
+          runner.project = @project
+          runner.name = @executor
+          runner.tags = %w[qa test]
+        end
+
+        # Push fixture to generate Secure reports
+        @source = Resource::Repository::ProjectPush.fabricate! do |push|
+          push.project = @project
+          push.directory = Pathname
+            .new(__dir__)
+            .join('../../../../../ee/fixtures/secure_premade_reports')
+          push.commit_message = 'Create Secure compatible application to serve premade reports'
+          push.branch_name = 'secure-mr'
+        end
+
+        # Fabricate via browser UI to avoid independent navigation
+        Resource::MergeRequest.fabricate_via_browser_ui! do |mr|
+          mr.project = @project
+          mr.source_branch = 'secure-mr'
+          mr.target_branch = 'master'
+          mr.source = @source
+          mr.target = 'master'
+          mr.target_new_branch = false
+        end
+      end
+
+      it 'displays the Security report in the merge request' do
+        Page::MergeRequest::Show.perform do |mergerequest|
+          expect(mergerequest).to have_vulnerability_report(timeout: 60)
+          expect(mergerequest).to have_detected_vulnerability_count_of "2"
+        end
+      end
+    end
+  end
+end