Commit 27484c9c authored by Bob Van Landuyt's avatar Bob Van Landuyt

Merge branch...

Merge branch '352969-security-policy-definition-not-respected-with-scheduled-scan-action' into 'master'

Don't include compliance pipeline definition in scheduled security orchestration pipelines

See merge request gitlab-org/gitlab!82613
parents 553ab3ec 286739d3
......@@ -12,6 +12,7 @@ module Gitlab
next unless available?
next unless pipeline_configuration_full_path.present?
next if command.bridge
next if command.source == :security_orchestration_policy
path_file, path_project = pipeline_configuration_full_path.split('@', 2)
YAML.dump('include' => [{ 'project' => path_project, 'file' => path_file }])
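Review bot: The new guard `next if command.source == :security_orchestration_policy` exempts a whole pipeline source from the compliance-framework include without saying why, and as I read it `pipeline_configuration_full_path` is a group-level control rather than something a project can normally opt out of, so a silent exemption deserves an inline justification. A one-line comment above the guard would keep it auditable, e.g. `# Pipelines created for a security orchestration policy carry only the policy's own jobs; the compliance definition is not merged into them.` It would also help to state, in the comment or the MR description, what still applies the compliance pipeline to those scheduled scans, since from this hunk alone the exclusion looks total. The block that these `next` statements belong to begins before the hunk, so whether the source check could be merged with the existing `command.bridge` guard is not visible here.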
......@@ -3,6 +3,8 @@
require 'spec_helper'
RSpec.describe Security::SecurityOrchestrationPolicies::CreatePipelineService do
include AfterNextHelpers
describe '#execute' do
let_it_be_with_reload(:project) { create(:project, :repository) }
let_it_be(:current_user) { project.first_owner }
......@@ -148,6 +150,42 @@ RSpec.describe Security::SecurityOrchestrationPolicies::CreatePipelineService do
end
end
end
context "when project has a compliance framework" do
let(:compliance_group) { create(:group, :private, name: "compliance") }
let(:compliance_project) { create(:project, :repository, namespace: compliance_group, name: "hippa") }
let(:framework) { create(:compliance_framework, namespace_id: compliance_group.id, pipeline_configuration_full_path: ".compliance-gitlab-ci.yml@compliance/hippa") }
let!(:framework_project_setting) { create(:compliance_framework_project_setting, project: project, framework_id: framework.id) }
let!(:ref_sha) { compliance_project.commit('HEAD').sha }
let(:compliance_config) do
<<~EOY
---
compliance_build:
stage: build
script:
- echo 'hello from compliance build'
compliance_test:
stage: test
script:
- echo 'hello from compliance test'
EOY
end
before do
project.update_attribute(:namespace_id, compliance_group.id)
compliance_project.add_maintainer(current_user)
stub_licensed_features(evaluate_group_level_compliance_pipeline: true)
allow_next(Repository).to receive(:blob_data_at).with(ref_sha, '.compliance-gitlab-ci.yml').and_return(compliance_config)
end
it 'does not include the compliance definition' do
subject
yaml = YAML.safe_load(pipeline.pipeline_config.content, [Symbol])
expect(yaml).not_to eq("include" => [{ "file" => ".compliance-gitlab-ci.yml", "project" => "compliance/hippa" }])
end
end
end
end
end
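Review bot: The assertion `expect(yaml).not_to eq("include" => [{ "file" => ".compliance-gitlab-ci.yml", "project" => "compliance/hippa" }])` is too weak to prove the new behaviour: it also passes when the config is empty, malformed, or still contains the compliance include next to other keys, so a regression that merged the compliance definition into a larger document would not be caught. Assert the expected shape instead, e.g. `expect(yaml).not_to have_key('include')` plus a positive expectation on the policy's own jobs that `subject` is supposed to produce. Separately, `YAML.safe_load(pipeline.pipeline_config.content, [Symbol])` passes permitted classes positionally, which is the legacy form; `YAML.safe_load(pipeline.pipeline_config.content, permitted_classes: [Symbol])` avoids the Psych deprecation warning and is the only form Psych 4 accepts. The `describe '#execute'` block that encloses this new context starts before the hunk.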