Add an End to End test to configure Dependency Scanning from UI

As per https://gitlab.com/gitlab-org/quality/testcases/-/issues/1666 The functionality was introduced, this MR adds an End to End test to test this

Add an End to End test to configure Dependency Scanning from UI
As per https://gitlab.com/gitlab-org/quality/testcases/-/issues/1666 The functionality was introduced, this MR adds an End to End test to test this
693c2fc9 · Will Meek · 1c68c271 · 693c2fc9 · 693c2fc9 · 693c2fc9
Commit 693c2fc9 authored Sep 15, 2021 by Will Meek
10 changed files
--- a/app/assets/javascripts/security_configuration/components/feature_card.vue
+++ b/app/assets/javascripts/security_configuration/components/feature_card.vue
@@ -128,6 +128,7 @@ export default {
        variant="confirm"
        category="primary"
        class="gl-mt-5"
+        :data-qa-selector="`${feature.type}_mr_button`"
      />

      <gl-button

--- a/app/assets/javascripts/vue_shared/security_configuration/components/manage_via_mr.vue
+++ b/app/assets/javascripts/vue_shared/security_configuration/components/manage_via_mr.vue
@@ -100,6 +100,7 @@ export default {
    :loading="isLoading"
    :variant="variant"
    :category="category"
+    :data-qa-selector="`${feature.type}_mr_button`"
    @click="mutate"
    >{{ $options.i18n.buttonLabel }}</gl-button
  >

--- a/qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/.gitlab-ci.yml
+++ b/qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/.gitlab-ci.yml
@@ -2,15 +2,20 @@ include:
  template: License-Scanning.gitlab-ci.yml

 .sast-analyzer:
-  tags: [secure_sast]
  script:
    - echo "Skipped"
  artifacts:
    reports:
      sast: gl-sast-report.json

+.ds-analyzer:
+  script:
+    - echo "Skipped"
+  artifacts:
+    reports:
+      dependency_scanning: gl-dependency-scanning-report.json
+
 license_scanning:
-  tags: [secure_sast]
  script:
    - echo "Skipped"
  artifacts:

--- a/qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/Gemfile
+++ b/qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/Gemfile
--- a/qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/Gemfile.lock
+++ b/qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/Gemfile.lock
--- a/qa/qa/page/merge_request/new.rb
+++ b/qa/qa/page/merge_request/new.rb
@@ -20,6 +20,13 @@ module QA
          element :file_name_content
        end

+        def has_secure_description?(scanner_name)
+          scanner_url_name = scanner_name.downcase.tr('_', '-')
+          "Configure #{scanner_name} in `.gitlab-ci.yml` using the GitLab managed template. You can " \
+            "[add variable overrides](https://docs.gitlab.com/ee/user/application_security/#{scanner_url_name}/#customizing-the-#{scanner_url_name}-settings) " \
+            "to customize #{scanner_name} settings."
+        end
+
        def create_merge_request
          click_element(:issuable_create_button, Page::MergeRequest::Show)
        end

--- a/qa/qa/page/merge_request/show.rb
+++ b/qa/qa/page/merge_request/show.rb
@@ -288,13 +288,11 @@ module QA
        end

        def merge_immediately!
-          merge_moment_dropdown_found = has_element?(:merge_moment_dropdown, wait: 0)
-
-          if merge_moment_dropdown_found
-            click_element(:merge_moment_dropdown)
-            click_element(:merge_immediately_menu_item)
+          if has_element?(:merge_moment_dropdown)
+            click_element(:merge_moment_dropdown, skip_finished_loading_check: true)
+            click_element(:merge_immediately_menu_item, skip_finished_loading_check: true)
          else
-            click_element(:merge_button)
+            click_element(:merge_button, skip_finished_loading_check: true)
          end
        end


--- a/qa/qa/page/project/secure/configuration_form.rb
+++ b/qa/qa/page/project/secure/configuration_form.rb
@@ -9,19 +9,31 @@ module QA
          include QA::Page::Settings::Common

          view 'app/assets/javascripts/security_configuration/components/feature_card.vue' do
+            element :dependency_scanning_status, "`${feature.type}_status`" # rubocop:disable QA/ElementWithPattern
            element :sast_status, "`${feature.type}_status`" # rubocop:disable QA/ElementWithPattern
            element :sast_enable_button, "`${feature.type}_enable_button`" # rubocop:disable QA/ElementWithPattern
+            element :dependency_scanning_mr_button, "`${feature.type}_mr_button`" # rubocop:disable QA/ElementWithPattern
          end

          def click_sast_enable_button
            click_element(:sast_enable_button)
          end

+          def click_dependency_scanning_mr_button
+            click_element(:dependency_scanning_mr_button)
+          end
+
          def has_sast_status?(status_text)
            within_element(:sast_status) do
              has_text?(status_text)
            end
          end
+
+          def has_dependency_scanning_status?(status_text)
+            within_element(:dependency_scanning_status) do
+              has_text?(status_text)
+            end
+          end
        end
      end
    end

--- a/qa/qa/specs/features/ee/browser_ui/secure/enable_sast_from_configuration_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/enable_sast_from_configuration_spec.rb
-# frozen_string_literal: true
-
-module QA
-  RSpec.describe 'Secure', :runner do
-    describe 'Enable SAST from UI' do
-      let(:merge_request_description) do
-        <<~DESCRIPTION.tr("\n", ' ').strip
-          Configure SAST in `.gitlab-ci.yml` using the GitLab managed template. You can
-          [add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings)
-          to customize SAST settings.
-        DESCRIPTION
-      end
-
-      let(:test_data_string_fields_array) do
-        [
-          %w(SECURE_ANALYZERS_PREFIX registry.example.com),
-          %w(SAST_EXCLUDED_PATHS foo,\ bar),
-          %w(SAST_BANDIT_EXCLUDED_PATHS exclude_path_a,\ exclude_path_b)
-        ]
-      end
-
-      let(:test_data_int_fields_array) do
-        [
-          %w(SEARCH_MAX_DEPTH 42),
-          %w(SAST_BRAKEMAN_LEVEL 43),
-          %w(SAST_GOSEC_LEVEL 7)
-        ]
-      end
-
-      let(:test_data_checkbox_exclude_array) do
-        %w(eslint kubesec nodejs-scan phpcs-security-audit)
-      end
-
-      let(:test_stage_name) do
-        'test_all_the_things'
-      end
-
-      let(:project) do
-        Resource::Project.fabricate_via_api! do |project|
-          project.name = 'project-with-secure'
-          project.description = 'Project with Secure'
-        end
-      end
-
-      let!(:runner) do
-        Resource::Runner.fabricate! do |runner|
-          runner.project = project
-          runner.name = "runner-for-#{project.name}"
-          runner.tags = ['secure_sast']
-        end
-      end
-
-      after do
-        runner&.remove_via_api!
-      end
-
-      before do
-        # Push fixture to generate Secure reports
-        Resource::Repository::ProjectPush.fabricate! do |project_push|
-          project_push.project = project
-          project_push.directory = Pathname
-                                       .new(__dir__)
-                                       .join('../../../../../ee/fixtures/secure_sast_enable_from_ui_files')
-          project_push.commit_message = 'Create Secure compatible application to serve premade reports'
-        end
-
-        Flow::Login.sign_in_unless_signed_in
-        project.visit!
-      end
-
-      it 'runs sast job when enabled from configuration', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/1835' do
-        Flow::Pipeline.visit_latest_pipeline
-
-        # Baseline that we do not initially have a sast job
-        Page::Project::Pipeline::Show.perform do |pipeline|
-          expect(pipeline).to have_no_job('brakeman-sast')
-        end
-        Page::Project::Menu.perform(&:click_on_security_configuration_link)
-
-        Page::Project::Secure::ConfigurationForm.perform do |config_form|
-          expect(config_form).to have_sast_status('Not enabled')
-
-          config_form.click_sast_enable_button
-          config_form.click_expand_button
-
-          test_data_string_fields_array.each do |test_data_string_array|
-            config_form.fill_dynamic_field(test_data_string_array.first, test_data_string_array[1])
-          end
-          test_data_int_fields_array.each do |test_data_int_array|
-            config_form.fill_dynamic_field(test_data_int_array.first, test_data_int_array[1])
-          end
-          test_data_checkbox_exclude_array.each do |test_data_checkbox|
-            config_form.unselect_dynamic_checkbox(test_data_checkbox)
-          end
-          config_form.fill_dynamic_field('stage', test_stage_name)
-
-          config_form.click_submit_button
-        end
-
-        Page::MergeRequest::New.perform do |new_merge_request|
-          expect(new_merge_request).to have_description(merge_request_description)
-
-          new_merge_request.click_diffs_tab
-
-          aggregate_failures "test Merge Request contents" do
-            expect(new_merge_request).to have_file('.gitlab-ci.yml')
-            test_data_string_fields_array.each do |test_data_string_array|
-              expect(new_merge_request).to have_content("#{test_data_string_array.first}: #{test_data_string_array[1]}")
-            end
-            test_data_int_fields_array.each do |test_data_int_array|
-              expect(new_merge_request).to have_content("#{test_data_int_array.first}: '#{test_data_int_array[1]}'")
-            end
-            expect(new_merge_request).to have_content("stages: - test - #{test_stage_name}")
-            expect(new_merge_request).to have_content("SAST_EXCLUDED_ANALYZERS: #{test_data_checkbox_exclude_array.join(', ')}")
-          end
-
-          new_merge_request.create_merge_request
-        end
-
-        Page::MergeRequest::Show.perform do |merge_request|
-          merge_request.merge_immediately!
-        end
-
-        Flow::Pipeline.visit_latest_pipeline
-
-        Page::Project::Pipeline::Show.perform do |pipeline|
-          expect(pipeline).to have_job('brakeman-sast')
-        end
-
-        Page::Project::Menu.perform(&:click_on_security_configuration_link)
-
-        Page::Project::Secure::ConfigurationForm.perform do |config_form|
-          aggregate_failures "test SAST status is Enabled" do
-            expect(config_form).to have_sast_status('Enabled')
-            expect(config_form).not_to have_sast_status('Not enabled')
-          end
-        end
-      end
-    end
-  end
-end
--- a/qa/qa/specs/features/ee/browser_ui/secure/enable_scanning_from_configuration_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/enable_scanning_from_configuration_spec.rb
+# frozen_string_literal: true
+
+module QA
+  RSpec.describe 'Secure' do
+    context 'Enable Scanning from UI' do
+      let(:test_data_sast_string_fields_array) do
+        [
+          %w(SECURE_ANALYZERS_PREFIX registry.example.com),
+          %w(SAST_EXCLUDED_PATHS foo,\ bar),
+          %w(SAST_BANDIT_EXCLUDED_PATHS exclude_path_a,\ exclude_path_b)
+        ]
+      end
+
+      let(:test_data_int_fields_array) do
+        [
+          %w(SEARCH_MAX_DEPTH 42),
+          %w(SAST_BRAKEMAN_LEVEL 43),
+          %w(SAST_GOSEC_LEVEL 7)
+        ]
+      end
+
+      let(:test_data_checkbox_exclude_array) do
+        %w(eslint kubesec nodejs-scan phpcs-security-audit)
+      end
+
+      let(:test_stage_name) do
+        'test_all_the_things'
+      end
+
+      let(:project) do
+        Resource::Project.fabricate_via_api! do |project|
+          project.name = 'project-with-secure'
+          project.description = 'Project with Secure'
+        end
+      end
+
+      before do
+        Resource::Repository::ProjectPush.fabricate! do |project_push|
+          project_push.project = project
+          project_push.directory = Pathname
+                                       .new(__dir__)
+                                       .join('../../../../../ee/fixtures/secure_scanning_enable_from_ui_files')
+          project_push.commit_message = 'Create Secure compatible application to serve premade reports'
+        end
+
+        Flow::Login.sign_in_unless_signed_in
+        project.visit!
+      end
+
+      after do
+        project.remove_via_api! if project
+      end
+
+      describe 'enable dependency scanning from configuration' do
+        it 'runs dependency scanning job when enabled from configuration', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/2261' do
+          Flow::Pipeline.visit_latest_pipeline
+
+          # Baseline that we do not initially have a Dependency Scanning job
+          Page::Project::Pipeline::Show.perform do |pipeline|
+            aggregate_failures "test Dependency Scanning jobs are not present in pipeline" do
+              expect(pipeline).to have_no_job('gemnasium-dependency_scanning')
+              expect(pipeline).to have_no_job('bundler-audit-dependency_scanning')
+            end
+          end
+
+          Page::Project::Menu.perform(&:click_on_security_configuration_link)
+
+          Page::Project::Secure::ConfigurationForm.perform do |config_form|
+            expect(config_form).to have_dependency_scanning_status('Not enabled')
+
+            config_form.click_dependency_scanning_mr_button
+          end
+
+          Page::MergeRequest::New.perform do |new_merge_request|
+            expect(new_merge_request).to have_secure_description('Dependency Scanning')
+            new_merge_request.create_merge_request
+          end
+
+          Page::MergeRequest::Show.perform do |merge_request|
+            merge_request.merge_immediately!
+          end
+
+          Flow::Pipeline.visit_latest_pipeline
+
+          Page::Project::Pipeline::Show.perform do |pipeline|
+            aggregate_failures "test Dependency Scanning jobs are present in pipeline" do
+              expect(pipeline).to have_job('gemnasium-dependency_scanning')
+              expect(pipeline).to have_job('bundler-audit-dependency_scanning')
+            end
+          end
+
+          Page::Project::Menu.perform(&:click_on_security_configuration_link)
+
+          Page::Project::Secure::ConfigurationForm.perform do |config_form|
+            aggregate_failures "test Dependency Scanning status is Enabled" do
+              expect(config_form).to have_dependency_scanning_status('Enabled')
+              expect(config_form).not_to have_dependency_scanning_status('Not enabled')
+            end
+          end
+        end
+      end
+
+      describe 'enable sast from configuration' do
+        it 'runs sast job when enabled from configuration', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/1835' do
+          Flow::Pipeline.visit_latest_pipeline
+
+          # Baseline that we do not initially have a sast job
+          Page::Project::Pipeline::Show.perform do |pipeline|
+            expect(pipeline).to have_no_job('brakeman-sast')
+          end
+
+          Page::Project::Menu.perform(&:click_on_security_configuration_link)
+
+          Page::Project::Secure::ConfigurationForm.perform do |config_form|
+            expect(config_form).to have_sast_status('Not enabled')
+
+            config_form.click_sast_enable_button
+            config_form.click_expand_button
+
+            test_data_sast_string_fields_array.each do |test_data_string_array|
+              config_form.fill_dynamic_field(test_data_string_array.first, test_data_string_array[1])
+            end
+            test_data_int_fields_array.each do |test_data_int_array|
+              config_form.fill_dynamic_field(test_data_int_array.first, test_data_int_array[1])
+            end
+            test_data_checkbox_exclude_array.each do |test_data_checkbox|
+              config_form.unselect_dynamic_checkbox(test_data_checkbox)
+            end
+            config_form.fill_dynamic_field('stage', test_stage_name)
+
+            config_form.click_submit_button
+          end
+
+          Page::MergeRequest::New.perform do |new_merge_request|
+            expect(new_merge_request).to have_secure_description('SAST')
+
+            new_merge_request.click_diffs_tab
+
+            aggregate_failures "test Merge Request contents" do
+              expect(new_merge_request).to have_file('.gitlab-ci.yml')
+              test_data_sast_string_fields_array.each do |test_data_string_array|
+                expect(new_merge_request).to have_content("#{test_data_string_array.first}: #{test_data_string_array[1]}")
+              end
+              test_data_int_fields_array.each do |test_data_int_array|
+                expect(new_merge_request).to have_content("#{test_data_int_array.first}: '#{test_data_int_array[1]}'")
+              end
+              expect(new_merge_request).to have_content("stage: #{test_stage_name}")
+              expect(new_merge_request).to have_content("SAST_EXCLUDED_ANALYZERS: #{test_data_checkbox_exclude_array.join(', ')}")
+            end
+
+            new_merge_request.create_merge_request
+          end
+
+          Page::MergeRequest::Show.perform do |merge_request|
+            merge_request.merge_immediately!
+          end
+
+          Flow::Pipeline.visit_latest_pipeline
+
+          Page::Project::Pipeline::Show.perform do |pipeline|
+            expect(pipeline).to have_job('brakeman-sast')
+          end
+
+          Page::Project::Menu.perform(&:click_on_security_configuration_link)
+
+          Page::Project::Secure::ConfigurationForm.perform do |config_form|
+            aggregate_failures "test SAST status is Enabled" do
+              expect(config_form).to have_sast_status('Enabled')
+              expect(config_form).not_to have_sast_status('Not enabled')
+            end
+          end
+        end
+      end
+    end
+  end
+end