Commit e991f597 authored by Avielle Wolfe's avatar Avielle Wolfe Committed by Jarka Košanová

Add security reports to downloadable types

This will allow users to download security reports as pipeline
artifacts.

https://gitlab.com/gitlab-org/gitlab/-/issues/23847
parent 0b90507d
...@@ -87,8 +87,12 @@ module Ci ...@@ -87,8 +87,12 @@ module Ci
scope :unstarted, ->() { where(runner_id: nil) } scope :unstarted, ->() { where(runner_id: nil) }
scope :ignore_failures, ->() { where(allow_failure: false) } scope :ignore_failures, ->() { where(allow_failure: false) }
scope :with_artifacts_archive, ->() do scope :with_downloadable_artifacts, ->() do
where('EXISTS (?)', Ci::JobArtifact.select(1).where('ci_builds.id = ci_job_artifacts.job_id').archive) where('EXISTS (?)',
Ci::JobArtifact.select(1)
.where('ci_builds.id = ci_job_artifacts.job_id')
.where(file_type: Ci::JobArtifact::DOWNLOADABLE_TYPES)
)
end end
scope :with_existing_job_artifacts, ->(query) do scope :with_existing_job_artifacts, ->(query) do
...@@ -130,8 +134,8 @@ module Ci ...@@ -130,8 +134,8 @@ module Ci
.includes(:metadata, :job_artifacts_metadata) .includes(:metadata, :job_artifacts_metadata)
end end
scope :with_artifacts_not_expired, ->() { with_artifacts_archive.where('artifacts_expire_at IS NULL OR artifacts_expire_at > ?', Time.now) } scope :with_artifacts_not_expired, ->() { with_downloadable_artifacts.where('artifacts_expire_at IS NULL OR artifacts_expire_at > ?', Time.now) }
scope :with_expired_artifacts, ->() { with_artifacts_archive.where('artifacts_expire_at < ?', Time.now) } scope :with_expired_artifacts, ->() { with_downloadable_artifacts.where('artifacts_expire_at < ?', Time.now) }
scope :last_month, ->() { where('created_at > ?', Date.today - 1.month) } scope :last_month, ->() { where('created_at > ?', Date.today - 1.month) }
scope :manual_actions, ->() { where(when: :manual, status: COMPLETED_STATUSES + %i[manual]) } scope :manual_actions, ->() { where(when: :manual, status: COMPLETED_STATUSES + %i[manual]) }
scope :scheduled_actions, ->() { where(when: :delayed, status: COMPLETED_STATUSES + %i[scheduled]) } scope :scheduled_actions, ->() { where(when: :delayed, status: COMPLETED_STATUSES + %i[scheduled]) }
......
...@@ -70,6 +70,24 @@ module Ci ...@@ -70,6 +70,24 @@ module Ci
terraform: :raw terraform: :raw
}.freeze }.freeze
DOWNLOADABLE_TYPES = %w[
accessibility
archive
cobertura
codequality
container_scanning
dast
dependency_scanning
dotenv
junit
license_management
license_scanning
lsif
metrics
performance
sast
].freeze
TYPE_AND_FORMAT_PAIRS = INTERNAL_TYPES.merge(REPORT_TYPES).freeze TYPE_AND_FORMAT_PAIRS = INTERNAL_TYPES.merge(REPORT_TYPES).freeze
# This is required since we cannot add a default to the database # This is required since we cannot add a default to the database
......
...@@ -788,7 +788,7 @@ module Ci ...@@ -788,7 +788,7 @@ module Ci
end end
def find_job_with_archive_artifacts(name) def find_job_with_archive_artifacts(name)
builds.latest.with_artifacts_archive.find_by_name(name) builds.latest.with_downloadable_artifacts.find_by_name(name)
end end
def latest_builds_with_artifacts def latest_builds_with_artifacts
......
...@@ -840,7 +840,7 @@ class Project < ApplicationRecord ...@@ -840,7 +840,7 @@ class Project < ApplicationRecord
latest_pipeline = ci_pipelines.latest_successful_for_ref(ref) latest_pipeline = ci_pipelines.latest_successful_for_ref(ref)
return unless latest_pipeline return unless latest_pipeline
latest_pipeline.builds.latest.with_artifacts_archive.find_by(name: job_name) latest_pipeline.builds.latest.with_downloadable_artifacts.find_by(name: job_name)
end end
def latest_successful_build_for_sha(job_name, sha) def latest_successful_build_for_sha(job_name, sha)
...@@ -849,7 +849,7 @@ class Project < ApplicationRecord ...@@ -849,7 +849,7 @@ class Project < ApplicationRecord
latest_pipeline = ci_pipelines.latest_successful_for_sha(sha) latest_pipeline = ci_pipelines.latest_successful_for_sha(sha)
return unless latest_pipeline return unless latest_pipeline
latest_pipeline.builds.latest.with_artifacts_archive.find_by(name: job_name) latest_pipeline.builds.latest.with_downloadable_artifacts.find_by(name: job_name)
end end
def latest_successful_build_for_ref!(job_name, ref = default_branch) def latest_successful_build_for_ref!(job_name, ref = default_branch)
......
---
title: Make report-type artifacts available for download
merge_request: 31513
author:
type: added
...@@ -450,13 +450,13 @@ If you need to manually remove job artifacts associated with multiple jobs while ...@@ -450,13 +450,13 @@ If you need to manually remove job artifacts associated with multiple jobs while
```ruby ```ruby
project = Project.find_by_full_path('path/to/project') project = Project.find_by_full_path('path/to/project')
builds_with_artifacts = project.builds.with_artifacts_archive builds_with_artifacts = project.builds.with_downloadable_artifacts
``` ```
To select all jobs with artifacts across the entire GitLab instance: To select all jobs with artifacts across the entire GitLab instance:
```ruby ```ruby
builds_with_artifacts = Ci::Build.with_artifacts_archive builds_with_artifacts = Ci::Build.with_downloadable_artifacts
``` ```
1. Delete job artifacts older than a specific date: 1. Delete job artifacts older than a specific date:
......
...@@ -578,10 +578,10 @@ The Latest version of these steps can be found in the [job artifacts documentati ...@@ -578,10 +578,10 @@ The Latest version of these steps can be found in the [job artifacts documentati
### SELECTING THE BUILDS TO CLEAR ### SELECTING THE BUILDS TO CLEAR
# For a single project: # For a single project:
project = Project.find_by_full_path('') project = Project.find_by_full_path('')
builds_with_artifacts = project.builds.with_artifacts_archive builds_with_artifacts = project.builds.with_downloadable_artifacts
# Instance-wide: # Instance-wide:
builds_with_artifacts = Ci::Build.with_artifacts_archive builds_with_artifacts = Ci::Build.with_downloadable_artifacts
# Prior to 10.6 the above lines would be: # Prior to 10.6 the above lines would be:
# builds_with_artifacts = project.builds.with_artifacts # builds_with_artifacts = project.builds.with_artifacts
......
...@@ -106,10 +106,10 @@ describe Ci::Build do ...@@ -106,10 +106,10 @@ describe Ci::Build do
end end
end end
describe '.with_artifacts_archive' do describe '.with_downloadable_artifacts' do
subject { described_class.with_artifacts_archive } subject { described_class.with_downloadable_artifacts }
context 'when job does not have an archive' do context 'when job does not have a downloadable artifact' do
let!(:job) { create(:ci_build) } let!(:job) { create(:ci_build) }
it 'does not return the job' do it 'does not return the job' do
...@@ -117,15 +117,23 @@ describe Ci::Build do ...@@ -117,15 +117,23 @@ describe Ci::Build do
end end
end end
context 'when job has a job artifact archive' do ::Ci::JobArtifact::DOWNLOADABLE_TYPES.each do |type|
let!(:job) { create(:ci_build, :artifacts) } context "when job has a #{type} artifact" do
it 'returns the job' do
job = create(:ci_build)
create(
:ci_job_artifact,
file_format: ::Ci::JobArtifact::TYPE_AND_FORMAT_PAIRS[type.to_sym],
file_type: type,
job: job
)
it 'returns the job' do is_expected.to include(job)
is_expected.to include(job) end
end end
end end
context 'when job has a job artifact trace' do context 'when job has a non-downloadable artifact' do
let!(:job) { create(:ci_build, :trace_artifact) } let!(:job) { create(:ci_build, :trace_artifact) }
it 'does not return the job' do it 'does not return the job' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment