Merge branch 'rf-post-sast-config' into 'master'

MR Creation Flow for SAST UI Config Changes See merge request gitlab-org/gitlab!36233

Merge branch 'rf-post-sast-config' into 'master'
MR Creation Flow for SAST UI Config Changes See merge request gitlab-org/gitlab!36233
58a7f989 · Heinrich Lee Yu · 52c358d0 · e0d760a4 · 58a7f989 · 58a7f989
Commit 58a7f989 authored Jul 13, 2020 by Heinrich Lee Yu
6 changed files
--- a/ee/app/controllers/projects/security/sast_configuration_controller.rb
+++ b/ee/app/controllers/projects/security/sast_configuration_controller.rb
@@ -3,20 +3,65 @@
 module Projects
  module Security
    class SastConfigurationController < Projects::ApplicationController
+      include CreatesCommit
      include SecurityDashboardsPermissions

      alias_method :vulnerable, :project

      before_action :ensure_sast_configuration_enabled!
+      before_action :authorize_edit_tree!, only: [:create]

      def show
      end

+      def create
+        @branch_name = project.repository.next_branch("add-sast-config")
+
+        @commit_params = {
+          commit_message: "Add .gitlab-ci.yml to enable SAST",
+          actions: [{ action: "create", file_path: ".gitlab-ci.yml", content: gitlab_ci_yml }]
+        }
+
+        project.repository.add_branch(current_user, @branch_name, project.default_branch)
+
+        create_commit(::Files::MultiService, success_notice: _("The .gitlab-ci.yml has been successfully created."),
+                      success_path: successful_change_path, failure_path: '')
+      end
+
      private

      def ensure_sast_configuration_enabled!
        not_found unless ::Feature.enabled?(:sast_configuration_ui, project)
      end
+
+      def successful_change_path
+        description = "Add .gitlab-ci.yml to enable SAST security scan using the GitLab managed SAST template."
+        merge_request_params = { source_branch: @branch_name, description: description }
+        project_new_merge_request_url(@project, merge_request: merge_request_params)
+      end
+
+      def gitlab_ci_yml
+        return ado_yml if project.auto_devops_enabled?
+
+        sast_yml
+      end
+
+      def ado_yml
+        <<-CI_YML.strip_heredoc
+          include:
+            - template: Auto-DevOps.gitlab-ci.yml
+        CI_YML
+      end
+
+      def sast_yml
+        <<-CI_YML.strip_heredoc
+          stages:
+            - test
+
+          include:
+            - template: SAST.gitlab-ci.yml
+        CI_YML
+      end
    end
  end
 end
--- a/ee/app/presenters/projects/security/configuration_presenter.rb
+++ b/ee/app/presenters/projects/security/configuration_presenter.rb
@@ -48,6 +48,7 @@ module Projects
        {
          auto_devops_enabled: auto_devops_source?,
          auto_devops_help_page_path: help_page_path('topics/autodevops/index'),
+          create_sast_merge_request_path: project_security_configuration_sast_path(project),
          features: features.to_json,
          help_page_path: help_page_path('user/application_security/index'),
          latest_pipeline_path: latest_pipeline_path,

--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -67,7 +67,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do

          resource :configuration, only: [:show], controller: :configuration do
            post :auto_fix, on: :collection
-            resource :sast, only: [:show], controller: :sast_configuration
+            resource :sast, only: [:show, :create], controller: :sast_configuration
          end

          resource :discover, only: [:show], controller: :discover

--- a/ee/spec/controllers/projects/security/sast_configuration_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/sast_configuration_controller_spec.rb
@@ -70,4 +70,34 @@ RSpec.describe Projects::Security::SastConfigurationController do
      end
    end
  end
+
+  describe 'POST #create' do
+    let_it_be(:project) { create(:project, :repository, namespace: group) }
+
+    before do
+      stub_licensed_features(security_dashboard: true)
+
+      sign_in(developer)
+    end
+
+    context 'with valid params' do
+      it 'returns the new merge request url' do
+        create_sast_configuration user: developer, project: project, params: {}
+
+        expect(json_response["message"]).to eq("success")
+        expect(json_response["filePath"]).to match(/#{project_new_merge_request_url(project, {})}(.*)description(.*)source_branch/)
+      end
+    end
+  end
+
+  def create_sast_configuration(user:, project:, params:)
+    post_params = {
+      namespace_id: project.namespace.to_param,
+      project_id: project.to_param,
+      sast_configuration: params,
+      format: :json
+    }
+
+    post :create, params: post_params, as: :json
+  end
 end
--- a/ee/spec/presenters/projects/security/configuration_presenter_spec.rb
+++ b/ee/spec/presenters/projects/security/configuration_presenter_spec.rb
@@ -28,6 +28,10 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
      expect(auto_fix['container_scanning']).to be_truthy
    end

+    it 'includes the path to create a SAST merge request' do
+      expect(subject[:create_sast_merge_request_path]).to eq(project_security_configuration_sast_path(project))
+    end
+
    context "when the latest default branch pipeline's source is auto devops" do
      before do
        create(

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -22985,6 +22985,9 @@ msgid_plural "The %{type} contains the following errors:"
 msgstr[0] ""
 msgstr[1] ""

+msgid "The .gitlab-ci.yml has been successfully created."
+msgstr ""
+
 msgid "The Advanced Global Search in GitLab is a powerful search service that saves you time. Instead of creating duplicate code and wasting time, you can now search for code within other teams that can help your own project."
 msgstr ""