Commit 0c9fee8d authored by Olivier Gonzalez's avatar Olivier Gonzalez

Add Dependency Scanning feature and expose its artifacts in Merge Request. Refs #5105

parent 81503c33
......@@ -8,6 +8,7 @@ module EE
extend ActiveSupport::Concern
CODEQUALITY_FILE = 'codeclimate.json'.freeze
DEPENDENCY_SCANNING_FILE = 'gl-dependency-scanning-report.json'.freeze
SAST_FILE = 'gl-sast-report.json'.freeze
PERFORMANCE_FILE = 'performance.json'.freeze
SAST_CONTAINER_FILE = 'gl-sast-container-report.json'.freeze
......@@ -19,6 +20,7 @@ module EE
scope :codequality, -> { where(name: %w[codequality codeclimate]) }
scope :performance, -> { where(name: %w[performance deploy]) }
scope :sast, -> { where(name: 'sast') }
scope :dependency_scanning, -> { where(name: 'dependency-scanning') }
scope :sast_container, -> { where(name: 'sast:container') }
scope :dast, -> { where(name: 'dast') }
scope :with_artifacts_stored_locally, -> { with_artifacts_archive.where(artifacts_file_store: [nil, LegacyArtifactUploader::Store::LOCAL]) }
......@@ -55,6 +57,10 @@ module EE
has_artifact?(SAST_FILE)
end
def has_dependency_scanning_json?
has_artifact?(DEPENDENCY_SCANNING_FILE)
end
def has_sast_container_json?
has_artifact?(SAST_CONTAINER_FILE)
end
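Review bot: The new scope picks the report job purely by name, `where(name: 'dependency-scanning')`, and `has_dependency_scanning_json?` purely by file name, so whatever a job with that name uploads as `gl-dependency-scanning-report.json` is treated as the scan result. For a merge request the head pipeline's job definition presumably comes from the contributor's branch, which would make the report content contributor-controlled. The code that parses or renders it is not in this view. A comment next to the constant would record this, e.g. `# Job-produced file: consumers must treat its contents as untrusted input.` The `has_sast_container_json?` method that closes the hunk is existing context.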
......
......@@ -24,6 +24,10 @@ module EE
artifacts.sast.find(&:has_sast_json?)
end
def dependency_scanning_artifact
@dependency_scanning_artifact ||= artifacts.dependency_scanning.find(&:has_dependency_scanning_json?)
end
def sast_container_artifact
artifacts.sast_container.find(&:has_sast_container_json?)
end
......@@ -40,6 +44,10 @@ module EE
sast_artifact&.success?
end
def has_dependency_scanning_data?
dependency_scanning_artifact&.success?
end
def has_sast_container_data?
sast_container_artifact&.success?
end
......@@ -61,6 +69,11 @@ module EE
has_sast_data?
end
def expose_dependency_scanning_data?
project.feature_available?(:dependency_scanning) &&
has_dependency_scanning_data?
end
def expose_sast_container_data?
project.feature_available?(:sast_container) &&
has_sast_container_data?
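Review bot: `has_dependency_scanning_data?` (hunk at -40) is true only when the job succeeded, so a dependency-scanning job that ends in failure exposes nothing even if it uploaded `gl-dependency-scanning-report.json`. If the scanner is ever set up to exit non-zero on findings (not visible here), the merge request would show no dependency data exactly when vulnerabilities exist. A comment on the method would make this explicit, e.g. `# Failed jobs expose no report; an absent widget is not a clean scan.` Separately, `dependency_scanning_artifact` is memoized with `||=` while `sast_artifact` and `sast_container_artifact` in the same hunk are not; the three should agree. The body of `expose_sast_container_data?` continues outside the last hunk.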
......
......@@ -16,6 +16,8 @@ module EE
delegate :performance_artifact, to: :base_pipeline, prefix: :base, allow_nil: true
delegate :sast_artifact, to: :head_pipeline, prefix: :head, allow_nil: true
delegate :sast_artifact, to: :base_pipeline, prefix: :base, allow_nil: true
delegate :dependency_scanning_artifact, to: :head_pipeline, prefix: :head, allow_nil: true
delegate :dependency_scanning_artifact, to: :base_pipeline, prefix: :base, allow_nil: true
delegate :sast_container_artifact, to: :head_pipeline, prefix: :head, allow_nil: true
delegate :sast_container_artifact, to: :base_pipeline, prefix: :base, allow_nil: true
delegate :dast_artifact, to: :head_pipeline, prefix: :head, allow_nil: true
......@@ -23,9 +25,11 @@ module EE
delegate :sha, to: :head_pipeline, prefix: :head_pipeline, allow_nil: true
delegate :sha, to: :base_pipeline, prefix: :base_pipeline, allow_nil: true
delegate :has_sast_data?, to: :base_pipeline, prefix: :base, allow_nil: true
delegate :has_dependency_scanning_data?, to: :base_pipeline, prefix: :base, allow_nil: true
delegate :has_sast_container_data?, to: :base_pipeline, prefix: :base, allow_nil: true
delegate :has_dast_data?, to: :base_pipeline, prefix: :base, allow_nil: true
delegate :expose_sast_data?, to: :head_pipeline, allow_nil: true
delegate :expose_dependency_scanning_data?, to: :head_pipeline, allow_nil: true
delegate :expose_sast_container_data?, to: :head_pipeline, allow_nil: true
delegate :expose_dast_data?, to: :head_pipeline, allow_nil: true
end
......
......@@ -59,6 +59,7 @@ class License < ActiveRecord::Base
].freeze
EEU_FEATURES = EEP_FEATURES + %i[
dependency_scanning
sast
sast_container
cluster_health
......
......@@ -55,6 +55,20 @@ module EE
end
end
expose :dependency_scanning, if: -> (mr, _) { mr.expose_dependency_scanning_data? } do
expose :head_path, if: -> (mr, _) { can?(current_user, :read_build, mr.head_dependency_scanning_artifact) } do |merge_request|
raw_project_build_artifacts_url(merge_request.source_project,
merge_request.head_dependency_scanning_artifact,
path: Ci::Build::DEPENDENCY_SCANNING_FILE)
end
expose :base_path, if: -> (mr, _) { mr.base_has_dependency_scanning_data? && can?(current_user, :read_build, mr.base_dependency_scanning_artifact) } do |merge_request|
raw_project_build_artifacts_url(merge_request.target_project,
merge_request.base_dependency_scanning_artifact,
path: Ci::Build::DEPENDENCY_SCANNING_FILE)
end
end
expose :sast_container, if: -> (mr, _) { mr.expose_sast_container_data? } do
expose :head_path, if: -> (mr, _) { can?(current_user, :read_build, mr.head_sast_container_artifact) } do |merge_request|
raw_project_build_artifacts_url(merge_request.source_project,
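Review bot: The `dependency_scanning` block has the same shape as the `sast_container` block that follows it, including the `can?(current_user, :read_build, …)` condition on both `head_path` and `base_path`, so the authorization guard is hand-copied per report type. A later copy could drop it without anything in this file noticing. A short comment above the block would make the requirement explicit, e.g. `# head_path/base_path are exposed only when current_user can :read_build on that artifact.` The `sast_container` block is cut off at the end of the hunk, so it is compared only as far as it is visible.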
......
......@@ -137,15 +137,16 @@ describe Ci::Build do
end
end
ARTIFACTS_METHODS = {
BUILD_ARTIFACTS_METHODS = {
has_codeclimate_json?: Ci::Build::CODEQUALITY_FILE,
has_performance_json?: Ci::Build::PERFORMANCE_FILE,
has_sast_json?: Ci::Build::SAST_FILE,
has_dependency_scanning_json?: Ci::Build::DEPENDENCY_SCANNING_FILE,
has_sast_container_json?: Ci::Build::SAST_CONTAINER_FILE,
has_dast_json?: Ci::Build::DAST_FILE
}.freeze
ARTIFACTS_METHODS.each do |method, filename|
BUILD_ARTIFACTS_METHODS.each do |method, filename|
describe "##{method}" do
context 'valid build' do
let!(:build) do
......
......@@ -17,15 +17,16 @@ describe Ci::Pipeline do
end
end
ARTIFACTS_METHODS = {
PIPELINE_ARTIFACTS_METHODS = {
codeclimate_artifact: [Ci::Build::CODEQUALITY_FILE, 'codequality'],
performance_artifact: [Ci::Build::PERFORMANCE_FILE, 'performance'],
sast_artifact: [Ci::Build::SAST_FILE, 'sast'],
dependency_scanning_artifact: [Ci::Build::DEPENDENCY_SCANNING_FILE, 'dependency-scanning'],
sast_container_artifact: [Ci::Build::SAST_CONTAINER_FILE, 'sast:container'],
dast_artifact: [Ci::Build::DAST_FILE, 'dast']
}.freeze
ARTIFACTS_METHODS.each do |method, options|
PIPELINE_ARTIFACTS_METHODS.each do |method, options|
describe method.to_s do
context 'has corresponding job' do
let!(:build) do
......
......@@ -47,6 +47,19 @@ describe MergeRequestWidgetEntity do
expect(subject.as_json[:sast]).to include(:base_path)
end
it 'has dependency_scanning data' do
build = create(:ci_build, name: 'dependency_scanning', pipeline: pipeline)
allow(merge_request).to receive(:expose_dependency_scanning_data?).and_return(true)
allow(merge_request).to receive(:base_has_dependency_scanning_data?).and_return(true)
allow(merge_request).to receive(:base_dependency_scanning_artifact).and_return(build)
allow(merge_request).to receive(:head_dependency_scanning_artifact).and_return(build)
expect(subject.as_json).to include(:dependency_scanning)
expect(subject.as_json[:dependency_scanning]).to include(:head_path)
expect(subject.as_json[:dependency_scanning]).to include(:base_path)
end
it 'has sast_container data' do
build = create(:ci_build, name: 'sast:image', pipeline: pipeline)
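Review bot: The new example covers only the allowed path: it asserts that `:head_path` and `:base_path` are present, but nothing checks that they are omitted when `can?(current_user, :read_build, …)` is false, which is the guard the entity relies on. An example that denies `:read_build` and expects `subject.as_json[:dependency_scanning]` to include neither path would pin that behaviour. The build is also created with `name: 'dependency_scanning'` while the scope matches `'dependency-scanning'`; the stubs hide the difference, but `name: 'dependency-scanning'` would keep the fixture truthful. The following `it 'has sast_container data'` example continues outside the hunk.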
......