Commit 13d059fa authored by Sean McGivern's avatar Sean McGivern

Merge branch '247490-vuln-blocked-pipeline-in-security-dashboard' into 'master'

Extend the state transition that initiates the creation of vulnerabilities in the database to the blocked pipeline state

See merge request gitlab-org/gitlab!56779
parents 8b3f42f9 f9f56b76
...@@ -43,6 +43,14 @@ module Ci ...@@ -43,6 +43,14 @@ module Ci
def completed_statuses def completed_statuses
COMPLETED_STATUSES.map(&:to_sym) COMPLETED_STATUSES.map(&:to_sym)
end end
def blocked_statuses
BLOCKED_STATUS.map(&:to_sym)
end
def completed_and_blocked_statuses
completed_statuses + blocked_statuses
end
end end
included do included do
......
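Review bot: The new class methods `blocked_statuses` and `completed_and_blocked_statuses` carry no comment, although the second is what the EE `after_transition` in this commit uses to decide when security reports are stored. A one-line comment would keep a later edit to `BLOCKED_STATUS` from silently changing when vulnerabilities are written, for example `# Completed plus blocked statuses; EE schedules security report storage on transitions into any of these.` The enclosing block starts outside the hunk.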
...@@ -52,7 +52,7 @@ module EE ...@@ -52,7 +52,7 @@ module EE
}.freeze }.freeze
state_machine :status do state_machine :status do
after_transition any => ::Ci::Pipeline.completed_statuses do |pipeline| after_transition any => ::Ci::Pipeline.completed_and_blocked_statuses do |pipeline|
next unless pipeline.can_store_security_reports? next unless pipeline.can_store_security_reports?
pipeline.run_after_commit do pipeline.run_after_commit do
......
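Review bot: With `any => ::Ci::Pipeline.completed_and_blocked_statuses`, this callback now fires when a pipeline enters a blocked state and presumably fires again when the same pipeline later reaches a completed state. The work scheduled inside `run_after_commit` could then run twice for one pipeline id, the first time on only the reports produced before the manual or scheduled jobs ran. The callback body continues outside the hunk, so this cannot be confirmed from here. The scheduled workers need to be idempotent, and they should not treat findings absent from a partial report set as resolved. A comment above the transition would record the assumption, for example `# Also fires on blocked pipelines and may fire again on completion; scheduled workers must be idempotent.`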
---
title: Extend state transition that initiate creation of vulnerabilities in database
to blocked pipeline state
merge_request: 56779
author:
type: added
...@@ -164,63 +164,69 @@ RSpec.describe Ci::Pipeline do ...@@ -164,63 +164,69 @@ RSpec.describe Ci::Pipeline do
end end
end end
describe 'Store security reports worker' do shared_examples_for 'storing the security reports' do |transition|
shared_examples_for 'storing the security reports' do |transition| let(:default_branch) { pipeline.ref }
let(:default_branch) { pipeline.ref }
subject(:transition_pipeline) { pipeline.update!(status_event: transition) } subject(:transition_pipeline) { pipeline.update!(status_event: transition) }
before do before do
allow(StoreSecurityReportsWorker).to receive(:perform_async) allow(StoreSecurityReportsWorker).to receive(:perform_async)
allow(project).to receive(:default_branch).and_return(default_branch) allow(::Security::StoreScansWorker).to receive(:perform_async)
allow(pipeline).to receive(:can_store_security_reports?).and_return(can_store_security_reports) allow(SyncSecurityReportsToReportApprovalRulesWorker).to receive(:perform_async)
end allow(project).to receive(:default_branch).and_return(default_branch)
allow(pipeline).to receive(:can_store_security_reports?).and_return(can_store_security_reports)
end
context 'when the security reports can be stored for the pipeline' do context 'when the security reports can be stored for the pipeline' do
let(:can_store_security_reports) { true } let(:can_store_security_reports) { true }
context 'when the ref is the default branch of project' do context 'when the ref is the default branch of project' do
it 'schedules store security report worker' do it 'schedules relevant workers', :aggregate_failures do
transition_pipeline transition_pipeline
expect(StoreSecurityReportsWorker).to have_received(:perform_async).with(pipeline.id) expect(StoreSecurityReportsWorker).to have_received(:perform_async).with(pipeline.id)
end expect(::Security::StoreScansWorker).to have_received(:perform_async).with(pipeline.id)
expect(SyncSecurityReportsToReportApprovalRulesWorker).to have_received(:perform_async).with(pipeline.id)
end end
end
context 'when the ref is not the default branch of project' do context 'when the ref is not the default branch of project' do
let(:default_branch) { 'another_branch' } let(:default_branch) { 'another_branch' }
it 'does not schedule store security report worker' do it 'does not schedule store security report worker' do
transition_pipeline transition_pipeline
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async) expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
end
end end
end end
end
context 'when the security reports can not be stored for the pipeline' do context 'when the security reports can not be stored for the pipeline' do
let(:can_store_security_reports) { false } let(:can_store_security_reports) { false }
context 'when the ref is the default branch of project' do context 'when the ref is the default branch of project', :aggregate_failures do
it 'does not schedule store security report worker' do it 'does not relevant workers' do
transition_pipeline transition_pipeline
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async) expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
end expect(::Security::StoreScansWorker).not_to have_received(:perform_async)
expect(SyncSecurityReportsToReportApprovalRulesWorker).not_to have_received(:perform_async)
end end
end
context 'when the ref is not the default branch of project' do context 'when the ref is not the default branch of project' do
let(:default_branch) { 'another_branch' } let(:default_branch) { 'another_branch' }
it 'does not schedule store security report worker' do it 'does not schedule store security report worker' do
transition_pipeline transition_pipeline
expect(StoreSecurityReportsWorker).not_to have_received(:perform_async) expect(StoreSecurityReportsWorker).not_to have_received(:perform_async)
end
end end
end end
end end
end
describe 'schedules security report related workers' do
context 'when pipeline is succeeded' do context 'when pipeline is succeeded' do
it_behaves_like 'storing the security reports', :succeed it_behaves_like 'storing the security reports', :succeed
end end
...@@ -236,6 +242,10 @@ RSpec.describe Ci::Pipeline do ...@@ -236,6 +242,10 @@ RSpec.describe Ci::Pipeline do
context 'when pipeline is canceled' do context 'when pipeline is canceled' do
it_behaves_like 'storing the security reports', :cancel it_behaves_like 'storing the security reports', :cancel
end end
context 'when pipeline is blocked' do
it_behaves_like 'storing the security reports', :block
end
end end
describe '#license_scanning_reports' do describe '#license_scanning_reports' do
......
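Review bot: The example description `'does not relevant workers'` in the 'can not be stored' context is missing its verb, and `:aggregate_failures` there is attached to the `context` instead of the `it`, unlike the positive case earlier in the shared examples. Suggested: keep `context 'when the ref is the default branch of project' do` without the tag and use `it 'does not schedule relevant workers', :aggregate_failures do`. The two 'not the default branch' examples still assert only on `StoreSecurityReportsWorker`, although the other two workers are now stubbed. If those workers are expected to run there, an explicit expectation would make that intent visible.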
...@@ -197,6 +197,12 @@ RSpec.describe Ci::HasStatus do ...@@ -197,6 +197,12 @@ RSpec.describe Ci::HasStatus do
end end
end end
describe '.completed_and_blocked_statuses' do
subject { Ci::Pipeline.completed_and_blocked_statuses }
it { is_expected.to eq [:success, :failed, :canceled, :skipped, :manual, :scheduled] }
end
context 'for scope with one status' do context 'for scope with one status' do
shared_examples 'having a job' do |status| shared_examples 'having a job' do |status|
%i[ci_build generic_commit_status].each do |type| %i[ci_build generic_commit_status].each do |type|
......
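Review bot: `.blocked_statuses` is introduced in this commit, but only the combined helper gets an example in this section, so a change to `BLOCKED_STATUS` would surface only indirectly. Adding `describe '.blocked_statuses'` with `it { is_expected.to eq [:manual, :scheduled] }` would pin it directly; those two values are inferred from the combined list asserted here and should be confirmed against the constant. The enclosing `describe` blocks start outside the hunk.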