Add placeholder SAST Configration page

Part of [New SAST Config UI Page - Basic SAST Wide Settings][1]. Behind feature flag `sast_configuration_ui` (disabled by default). [1]: https://gitlab.com/gitlab-org/gitlab/-/issues/220577

Add placeholder SAST Configration page
Part of [New SAST Config UI Page - Basic SAST Wide Settings][1]. Behind feature flag `sast_configuration_ui` (disabled by default). [1]: https://gitlab.com/gitlab-org/gitlab/-/issues/220577
e0d760a4 · rossfuhrman · Heinrich Lee Yu · 6fad1782 · e0d760a4 · e0d760a4
Commit e0d760a4 authored Jul 13, 2020 by rossfuhrman Committed by Heinrich Lee Yu Jul 13, 2020
6 changed files
--- a/ee/app/controllers/projects/security/sast_configuration_controller.rb
+++ b/ee/app/controllers/projects/security/sast_configuration_controller.rb
@@ -3,20 +3,65 @@
 module Projects
  module Security
    class SastConfigurationController < Projects::ApplicationController
+      include CreatesCommit
      include SecurityDashboardsPermissions
      alias_method :vulnerable, :project
      before_action :ensure_sast_configuration_enabled!
+      before_action :authorize_edit_tree!, only: [:create]
      def show
      end
+      def create
+        @branch_name = project.repository.next_branch("add-sast-config")
+        @commit_params = {
+          commit_message: "Add .gitlab-ci.yml to enable SAST",
+          actions: [{ action: "create", file_path: ".gitlab-ci.yml", content: gitlab_ci_yml }]
+        }
+        project.repository.add_branch(current_user, @branch_name, project.default_branch)
+        create_commit(::Files::MultiService, success_notice: _("The .gitlab-ci.yml has been successfully created."),
+                      success_path: successful_change_path, failure_path: '')
+      end
      private
      def ensure_sast_configuration_enabled!
        not_found unless ::Feature.enabled?(:sast_configuration_ui, project)
      end
+      def successful_change_path
+        description = "Add .gitlab-ci.yml to enable SAST security scan using the GitLab managed SAST template."
+        merge_request_params = { source_branch: @branch_name, description: description }
+        project_new_merge_request_url(@project, merge_request: merge_request_params)
+      end
+      def gitlab_ci_yml
+        return ado_yml if project.auto_devops_enabled?
+        sast_yml
+      end
+      def ado_yml
+        <<-CI_YML.strip_heredoc
+          include:
+            - template: Auto-DevOps.gitlab-ci.yml
+        CI_YML
+      end
+      def sast_yml
+        <<-CI_YML.strip_heredoc
+          stages:
+            - test
+          include:
+            - template: SAST.gitlab-ci.yml
+        CI_YML
+      end
    end
  end
 end
--- a/ee/app/presenters/projects/security/configuration_presenter.rb
+++ b/ee/app/presenters/projects/security/configuration_presenter.rb
@@ -48,6 +48,7 @@ module Projects
        {
          auto_devops_enabled: auto_devops_source?,
          auto_devops_help_page_path: help_page_path('topics/autodevops/index'),
+          create_sast_merge_request_path: project_security_configuration_sast_path(project),
          features: features.to_json,
          help_page_path: help_page_path('user/application_security/index'),
          latest_pipeline_path: latest_pipeline_path,

--- a/ee/config/routes/project.rb
+++ b/ee/config/routes/project.rb
@@ -67,7 +67,7 @@ constraints(::Constraints::ProjectUrlConstrainer.new) do
          resource :configuration, only: [:show], controller: :configuration do
            post :auto_fix, on: :collection
-            resource :sast, only: [:show], controller: :sast_configuration
+            resource :sast, only: [:show, :create], controller: :sast_configuration
          end
          resource :discover, only: [:show], controller: :discover

--- a/ee/spec/controllers/projects/security/sast_configuration_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/sast_configuration_controller_spec.rb
@@ -70,4 +70,34 @@ RSpec.describe Projects::Security::SastConfigurationController do
      end
    end
  end
+  describe 'POST #create' do
+    let_it_be(:project) { create(:project, :repository, namespace: group) }
+    before do
+      stub_licensed_features(security_dashboard: true)
+      sign_in(developer)
+    end
+    context 'with valid params' do
+      it 'returns the new merge request url' do
+        create_sast_configuration user: developer, project: project, params: {}
+        expect(json_response["message"]).to eq("success")
+        expect(json_response["filePath"]).to match(/#{project_new_merge_request_url(project, {})}(.*)description(.*)source_branch/)
+      end
+    end
+  end
+  def create_sast_configuration(user:, project:, params:)
+    post_params = {
+      namespace_id: project.namespace.to_param,
+      project_id: project.to_param,
+      sast_configuration: params,
+      format: :json
+    }
+    post :create, params: post_params, as: :json
+  end
 end
--- a/ee/spec/presenters/projects/security/configuration_presenter_spec.rb
+++ b/ee/spec/presenters/projects/security/configuration_presenter_spec.rb
@@ -28,6 +28,10 @@ RSpec.describe Projects::Security::ConfigurationPresenter do
      expect(auto_fix['container_scanning']).to be_truthy
    end
+    it 'includes the path to create a SAST merge request' do
+      expect(subject[:create_sast_merge_request_path]).to eq(project_security_configuration_sast_path(project))
+    end
    context "when the latest default branch pipeline's source is auto devops" do
      before do
        create(

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -22928,6 +22928,9 @@ msgid_plural "The %{type} contains the following errors:"
 msgstr[0] ""
 msgstr[1] ""
+msgid "The .gitlab-ci.yml has been successfully created."
+msgstr ""
 msgid "The Advanced Global Search in GitLab is a powerful search service that saves you time. Instead of creating duplicate code and wasting time, you can now search for code within other teams that can help your own project."
 msgstr ""