Add a E2E spec for Container Registry CVS

Adds an end to end test that exercises Container Registry Continuous Vulnerability Scanning, targeting Staging

Add a E2E spec for Container Registry CVS
35a842af · Will Meek · GitLab · f7234996 · 35a842af · 35a842af
--- a/qa/qa/ee/page/project/registry/show.rb
+++ b/qa/qa/ee/page/project/registry/show.rb
+# frozen_string_literal: true
+module QA
+  module EE
+    module Page
+      module Project
+        module Registry
+          module Show
+            extend QA::Page::PageConcern
+            def self.prepended(base)
+              super
+              base.class_eval do
+                view 'ee/app/assets/javascripts/packages_and_registries/container_registry/explorer/components/' \
+                  'list_page/container_scanning_counts.vue' do
+                  element 'counts'
+                end
+              end
+            end
+            def has_non_zero_counts?
+              within_element('counts') do
+                has_text?(%r{\b[1-9]\d*\s+critical\b}) ||
+                  has_text?(%r{\b[1-9]\d*\s+high\b}) ||
+                  has_text?(%r{\b[1-9]\d*\s+other\b})
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end
--- a/qa/qa/page/project/registry/show.rb
+++ b/qa/qa/page/project/registry/show.rb
@@ -41,3 +41,5 @@ def click_delete
    end
  end
 end
+QA::Page::Project::Registry::Show.prepend_mod_with('Page::Project::Registry::Show', namespace: QA)
--- a/qa/qa/page/project/secure/configuration_form.rb
+++ b/qa/qa/page/project/secure/configuration_form.rb
@@ -92,6 +92,14 @@ def enable_secret_detection
            end
          end
+          def enable_reg_scan
+            card = find_security_testing_card('Container Scanning For Registry')
+            within(card) do
+              # The GitLabUI toggle uses a Close Icon button
+              click_element('close-xs-icon')
+            end
+          end
          private
          def go_to_tab(name)

--- a/qa/qa/service/docker_run/container_registry_utils.rb
+++ b/qa/qa/service/docker_run/container_registry_utils.rb
+# frozen_string_literal: true
+module QA
+  module Service
+    module DockerRun
+      class ContainerRegistryUtils < Base
+        def tag_image(current_tag, new_tag)
+          run_docker_command("tag #{current_tag} #{new_tag}")
+        end
+        def push_image(tag)
+          run_docker_command("push #{tag}")
+        end
+        private
+        def run_docker_command(command)
+          shell("docker #{command}")
+        end
+      end
+    end
+  end
+end
--- a/qa/qa/specs/features/ee/browser_ui/13_secure/cvs_container_registry_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/13_secure/cvs_container_registry_spec.rb
+# frozen_string_literal: true
+module QA
+  RSpec.describe 'Secure', :secure_container_reg_cvs, :runner,
+    product_group: :composition_analysis,
+    only: { subdomain: %i[staging staging-canary] },
+    feature_flag: { name: 'cvs_for_container_scanning', scope: :project } do
+    describe 'Continuous Vulnerability Scanning' do
+      let(:image_tag) { 'alpine:3.10.0' }
+      let(:registry_password_token) { ENV.fetch('GITLAB_QA_ACCESS_TOKEN') { raise 'GITLAB_QA_ACCESS_TOKEN required' } }
+      let!(:project) do
+        create(:project, :with_readme,
+          name: 'container-registry-cvs-project',
+          description: 'Container Registry CVS Project')
+      end
+      let(:registry_host) do
+        address = Runtime::Scenario.gitlab_address
+        uri = address.is_a?(URI) ? address : URI.parse(address)
+        "registry.#{uri.host}"
+      end
+      let(:new_image_tag) { "#{registry_host}/#{project.full_path}:latest" }
+      let(:docker_utils) { QA::Service::DockerRun::ContainerRegistryUtils.new }
+      before do
+        Runtime::Feature.enable(:cvs_for_container_scanning, project: project)
+        Flow::Login.sign_in
+      end
+      context 'when a container is tagged with latest' do
+        it('performs a container scan', testcase: 'https://gitlab.com/gitlab-org/gitlab/-/quality/test_cases/499672') do
+          configure_security_scanning
+          push_container_image
+          verify_scanning_job
+          navigate_to_vulnerability_details
+          EE::Page::Project::Secure::VulnerabilityDetails.perform do |vulnerability_details|
+            expect(vulnerability_details).to have_scanner('GitLab SBoM Vulnerability Scanner')
+          end
+        end
+      end
+      private
+      def configure_security_scanning
+        project.visit!
+        Page::Project::Menu.perform(&:go_to_security_configuration)
+        Page::Project::Secure::ConfigurationForm.perform(&:enable_reg_scan)
+      end
+      def push_container_image
+        docker_utils.login(registry_host,
+          user: Runtime::Env.user_username,
+          password: registry_password_token)
+        docker_utils.tag_image(image_tag, new_image_tag)
+        docker_utils.push_image(new_image_tag)
+      end
+      def verify_scanning_job
+        Flow::Pipeline.wait_for_pipeline_creation_via_api(project: project)
+        project.visit_job('container_scanning')
+        Page::Project::Job::Show.perform do |job|
+          expect(job).to be_successful(timeout: 800)
+        end
+      end
+      def navigate_to_vulnerability_details
+        Page::Project::Menu.perform(&:go_to_container_registry)
+        Page::Project::Registry::Show.perform do |registry|
+          expect(registry).to have_registry_repository(project.name)
+          expect(registry).to have_non_zero_counts
+          registry.click_link_with_text('View vulnerabilities')
+        end
+        EE::Page::Project::Secure::SecurityDashboard.perform do |vulnerability_report|
+          vulnerability_report.click_vulnerability(
+            description: 'apk-tools in alpine 3.10.0 is vulnerable to CVE-2021-30139')
+        end
+      end
+    end
+  end
+end