From 693c2fc9a023a8ac91cda150be7958d2168745e6 Mon Sep 17 00:00:00 2001
From: Will Meek <wmeek@gitlab.com>
Date: Wed, 15 Sep 2021 15:58:09 +0100
Subject: [PATCH] Add an End to End test to configure Dependency Scanning from
 UI

As per https://gitlab.com/gitlab-org/quality/testcases/-/issues/1666
The functionality has already been introduced; this MR
adds an end-to-end test for it.
---
 .../components/feature_card.vue               |   1 +
 .../components/manage_via_mr.vue              |   1 +
 .../.gitlab-ci.yml                            |   9 +-
 .../Gemfile                                   |   0
 .../Gemfile.lock                              |   0
 qa/qa/page/merge_request/new.rb               |   7 +
 qa/qa/page/merge_request/show.rb              |  10 +-
 .../page/project/secure/configuration_form.rb |  12 ++
 .../enable_sast_from_configuration_spec.rb    | 141 --------------
 ...enable_scanning_from_configuration_spec.rb | 176 ++++++++++++++++++
 10 files changed, 208 insertions(+), 149 deletions(-)
 rename qa/qa/ee/fixtures/{secure_sast_enable_from_ui_files => secure_scanning_enable_from_ui_files}/.gitlab-ci.yml (68%)
 rename qa/qa/ee/fixtures/{secure_sast_enable_from_ui_files => secure_scanning_enable_from_ui_files}/Gemfile (100%)
 rename qa/qa/ee/fixtures/{secure_sast_enable_from_ui_files => secure_scanning_enable_from_ui_files}/Gemfile.lock (100%)
 delete mode 100644 qa/qa/specs/features/ee/browser_ui/secure/enable_sast_from_configuration_spec.rb
 create mode 100644 qa/qa/specs/features/ee/browser_ui/secure/enable_scanning_from_configuration_spec.rb

diff --git a/app/assets/javascripts/security_configuration/components/feature_card.vue b/app/assets/javascripts/security_configuration/components/feature_card.vue
index 0ecfdf420dbce..86afdbfeb8c27 100644
--- a/app/assets/javascripts/security_configuration/components/feature_card.vue
+++ b/app/assets/javascripts/security_configuration/components/feature_card.vue
@@ -128,6 +128,7 @@ export default {
         variant="confirm"
         category="primary"
         class="gl-mt-5"
+        :data-qa-selector="`${feature.type}_mr_button`"
       />
 
       <gl-button
diff --git a/app/assets/javascripts/vue_shared/security_configuration/components/manage_via_mr.vue b/app/assets/javascripts/vue_shared/security_configuration/components/manage_via_mr.vue
index 0ff858e6afc72..42272c222fcc3 100644
--- a/app/assets/javascripts/vue_shared/security_configuration/components/manage_via_mr.vue
+++ b/app/assets/javascripts/vue_shared/security_configuration/components/manage_via_mr.vue
@@ -100,6 +100,7 @@ export default {
     :loading="isLoading"
     :variant="variant"
     :category="category"
+    :data-qa-selector="`${feature.type}_mr_button`"
     @click="mutate"
     >{{ $options.i18n.buttonLabel }}</gl-button
   >
diff --git a/qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/.gitlab-ci.yml b/qa/qa/ee/fixtures/secure_scanning_enable_from_ui_files/.gitlab-ci.yml
similarity index 68%
rename from qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/.gitlab-ci.yml
rename to qa/qa/ee/fixtures/secure_scanning_enable_from_ui_files/.gitlab-ci.yml
index 93213d8202a92..5e9cbdd23a1be 100644
--- a/qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/.gitlab-ci.yml
+++ b/qa/qa/ee/fixtures/secure_scanning_enable_from_ui_files/.gitlab-ci.yml
@@ -2,15 +2,20 @@ include:
   template: License-Scanning.gitlab-ci.yml
 
 .sast-analyzer:
-  tags: [secure_sast]
   script:
     - echo "Skipped"
   artifacts:
     reports:
       sast: gl-sast-report.json
 
+.ds-analyzer:
+  script:
+    - echo "Skipped"
+  artifacts:
+    reports:
+      dependency_scanning: gl-dependency-scanning-report.json
+
 license_scanning:
-  tags: [secure_sast]
   script:
     - echo "Skipped"
   artifacts:
diff --git a/qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/Gemfile b/qa/qa/ee/fixtures/secure_scanning_enable_from_ui_files/Gemfile
similarity index 100%
rename from qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/Gemfile
rename to qa/qa/ee/fixtures/secure_scanning_enable_from_ui_files/Gemfile
diff --git a/qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/Gemfile.lock b/qa/qa/ee/fixtures/secure_scanning_enable_from_ui_files/Gemfile.lock
similarity index 100%
rename from qa/qa/ee/fixtures/secure_sast_enable_from_ui_files/Gemfile.lock
rename to qa/qa/ee/fixtures/secure_scanning_enable_from_ui_files/Gemfile.lock
diff --git a/qa/qa/page/merge_request/new.rb b/qa/qa/page/merge_request/new.rb
index 71e51ddd504c6..bcc60a8275d49 100644
--- a/qa/qa/page/merge_request/new.rb
+++ b/qa/qa/page/merge_request/new.rb
@@ -20,6 +20,13 @@ class New < Page::Issuable::New
           element :file_name_content
         end
 
+        def has_secure_description?(scanner_name)
+          scanner_url_name = scanner_name.downcase.tr('_', '-')
+          "Configure #{scanner_name} in `.gitlab-ci.yml` using the GitLab managed template. You can " \
+            "[add variable overrides](https://docs.gitlab.com/ee/user/application_security/#{scanner_url_name}/#customizing-the-#{scanner_url_name}-settings) " \
+            "to customize #{scanner_name} settings."
+        end
+
         def create_merge_request
           click_element(:issuable_create_button, Page::MergeRequest::Show)
         end
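Review bot: `has_secure_description?` never inspects the page: it builds the expected text and returns that String, which is always truthy, so `have_secure_description('SAST')` and `have_secure_description('Dependency Scanning')` in the new spec pass whatever the merge request description contains. Assign the text to a local and finish with `has_description?(expected)`, the predicate the deleted SAST spec reached through `have_description` on this page object. Separately, `scanner_name.downcase.tr('_', '-')` leaves the space in 'Dependency Scanning' untouched, so the built URL contains `dependency scanning`. Once the predicate really compares text, derive that path segment to match the description the product generates (confirm the exact slug there).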
diff --git a/qa/qa/page/merge_request/show.rb b/qa/qa/page/merge_request/show.rb
index 1d8d9ed685938..7de99a11cf68f 100644
--- a/qa/qa/page/merge_request/show.rb
+++ b/qa/qa/page/merge_request/show.rb
@@ -288,13 +288,11 @@ def rebase!
         end
 
         def merge_immediately!
-          merge_moment_dropdown_found = has_element?(:merge_moment_dropdown, wait: 0)
-
-          if merge_moment_dropdown_found
-            click_element(:merge_moment_dropdown)
-            click_element(:merge_immediately_menu_item)
+          if has_element?(:merge_moment_dropdown)
+            click_element(:merge_moment_dropdown, skip_finished_loading_check: true)
+            click_element(:merge_immediately_menu_item, skip_finished_loading_check: true)
           else
-            click_element(:merge_button)
+            click_element(:merge_button, skip_finished_loading_check: true)
           end
         end
 
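Review bot: Dropping `wait: 0` from `has_element?(:merge_moment_dropdown)` means that when the dropdown is absent the check presumably runs for the default wait before falling through to `:merge_button`, which slows every merge that has no dropdown. If the longer wait is deliberate, record the reason in a comment above the `if`, for example `# the dropdown renders late, so allow the default wait (confirm)`. The same comment should say why `skip_finished_loading_check: true` is safe on all three clicks, since nothing in the hunk explains what loading state is being bypassed.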
diff --git a/qa/qa/page/project/secure/configuration_form.rb b/qa/qa/page/project/secure/configuration_form.rb
index 73d1601b61ea2..3e89a57e87081 100644
--- a/qa/qa/page/project/secure/configuration_form.rb
+++ b/qa/qa/page/project/secure/configuration_form.rb
@@ -9,19 +9,31 @@ class ConfigurationForm < QA::Page::Base
           include QA::Page::Settings::Common
 
           view 'app/assets/javascripts/security_configuration/components/feature_card.vue' do
+            element :dependency_scanning_status, "`${feature.type}_status`" # rubocop:disable QA/ElementWithPattern
             element :sast_status, "`${feature.type}_status`" # rubocop:disable QA/ElementWithPattern
             element :sast_enable_button, "`${feature.type}_enable_button`" # rubocop:disable QA/ElementWithPattern
+            element :dependency_scanning_mr_button, "`${feature.type}_mr_button`" # rubocop:disable QA/ElementWithPattern
           end
 
           def click_sast_enable_button
             click_element(:sast_enable_button)
           end
 
+          def click_dependency_scanning_mr_button
+            click_element(:dependency_scanning_mr_button)
+          end
+
           def has_sast_status?(status_text)
             within_element(:sast_status) do
               has_text?(status_text)
             end
           end
+
+          def has_dependency_scanning_status?(status_text)
+            within_element(:dependency_scanning_status) do
+              has_text?(status_text)
+            end
+          end
         end
       end
     end
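Review bot: `:dependency_scanning_status` and `:dependency_scanning_mr_button` reuse the same template-literal patterns as the SAST elements. As far as the pattern form suggests, the view check only confirms that `${feature.type}_status` and `${feature.type}_mr_button` appear in feature_card.vue, not that a feature of type `dependency_scanning` is rendered. A comment above the `view` block would make that coupling explicit, e.g. `# Selectors are built from feature.type at runtime; element names must match the feature type strings`. This patch also adds the `_mr_button` selector to manage_via_mr.vue, and no `view` entry here covers that file. ConfigurationForm's class body begins above this hunk.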
diff --git a/qa/qa/specs/features/ee/browser_ui/secure/enable_sast_from_configuration_spec.rb b/qa/qa/specs/features/ee/browser_ui/secure/enable_sast_from_configuration_spec.rb
deleted file mode 100644
index 4d6adde6c1fa3..0000000000000
--- a/qa/qa/specs/features/ee/browser_ui/secure/enable_sast_from_configuration_spec.rb
+++ /dev/null
@@ -1,141 +0,0 @@
-# frozen_string_literal: true
-
-module QA
-  RSpec.describe 'Secure', :runner do
-    describe 'Enable SAST from UI' do
-      let(:merge_request_description) do
-        <<~DESCRIPTION.tr("\n", ' ').strip
-          Configure SAST in `.gitlab-ci.yml` using the GitLab managed template. You can
-          [add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings)
-          to customize SAST settings.
-        DESCRIPTION
-      end
-
-      let(:test_data_string_fields_array) do
-        [
-          %w(SECURE_ANALYZERS_PREFIX registry.example.com),
-          %w(SAST_EXCLUDED_PATHS foo,\ bar),
-          %w(SAST_BANDIT_EXCLUDED_PATHS exclude_path_a,\ exclude_path_b)
-        ]
-      end
-
-      let(:test_data_int_fields_array) do
-        [
-          %w(SEARCH_MAX_DEPTH 42),
-          %w(SAST_BRAKEMAN_LEVEL 43),
-          %w(SAST_GOSEC_LEVEL 7)
-        ]
-      end
-
-      let(:test_data_checkbox_exclude_array) do
-        %w(eslint kubesec nodejs-scan phpcs-security-audit)
-      end
-
-      let(:test_stage_name) do
-        'test_all_the_things'
-      end
-
-      let(:project) do
-        Resource::Project.fabricate_via_api! do |project|
-          project.name = 'project-with-secure'
-          project.description = 'Project with Secure'
-        end
-      end
-
-      let!(:runner) do
-        Resource::Runner.fabricate! do |runner|
-          runner.project = project
-          runner.name = "runner-for-#{project.name}"
-          runner.tags = ['secure_sast']
-        end
-      end
-
-      after do
-        runner&.remove_via_api!
-      end
-
-      before do
-        # Push fixture to generate Secure reports
-        Resource::Repository::ProjectPush.fabricate! do |project_push|
-          project_push.project = project
-          project_push.directory = Pathname
-                                       .new(__dir__)
-                                       .join('../../../../../ee/fixtures/secure_sast_enable_from_ui_files')
-          project_push.commit_message = 'Create Secure compatible application to serve premade reports'
-        end
-
-        Flow::Login.sign_in_unless_signed_in
-        project.visit!
-      end
-
-      it 'runs sast job when enabled from configuration', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/1835' do
-        Flow::Pipeline.visit_latest_pipeline
-
-        # Baseline that we do not initially have a sast job
-        Page::Project::Pipeline::Show.perform do |pipeline|
-          expect(pipeline).to have_no_job('brakeman-sast')
-        end
-        Page::Project::Menu.perform(&:click_on_security_configuration_link)
-
-        Page::Project::Secure::ConfigurationForm.perform do |config_form|
-          expect(config_form).to have_sast_status('Not enabled')
-
-          config_form.click_sast_enable_button
-          config_form.click_expand_button
-
-          test_data_string_fields_array.each do |test_data_string_array|
-            config_form.fill_dynamic_field(test_data_string_array.first, test_data_string_array[1])
-          end
-          test_data_int_fields_array.each do |test_data_int_array|
-            config_form.fill_dynamic_field(test_data_int_array.first, test_data_int_array[1])
-          end
-          test_data_checkbox_exclude_array.each do |test_data_checkbox|
-            config_form.unselect_dynamic_checkbox(test_data_checkbox)
-          end
-          config_form.fill_dynamic_field('stage', test_stage_name)
-
-          config_form.click_submit_button
-        end
-
-        Page::MergeRequest::New.perform do |new_merge_request|
-          expect(new_merge_request).to have_description(merge_request_description)
-
-          new_merge_request.click_diffs_tab
-
-          aggregate_failures "test Merge Request contents" do
-            expect(new_merge_request).to have_file('.gitlab-ci.yml')
-            test_data_string_fields_array.each do |test_data_string_array|
-              expect(new_merge_request).to have_content("#{test_data_string_array.first}: #{test_data_string_array[1]}")
-            end
-            test_data_int_fields_array.each do |test_data_int_array|
-              expect(new_merge_request).to have_content("#{test_data_int_array.first}: '#{test_data_int_array[1]}'")
-            end
-            expect(new_merge_request).to have_content("stages: - test - #{test_stage_name}")
-            expect(new_merge_request).to have_content("SAST_EXCLUDED_ANALYZERS: #{test_data_checkbox_exclude_array.join(', ')}")
-          end
-
-          new_merge_request.create_merge_request
-        end
-
-        Page::MergeRequest::Show.perform do |merge_request|
-          merge_request.merge_immediately!
-        end
-
-        Flow::Pipeline.visit_latest_pipeline
-
-        Page::Project::Pipeline::Show.perform do |pipeline|
-          expect(pipeline).to have_job('brakeman-sast')
-        end
-
-        Page::Project::Menu.perform(&:click_on_security_configuration_link)
-
-        Page::Project::Secure::ConfigurationForm.perform do |config_form|
-          aggregate_failures "test SAST status is Enabled" do
-            expect(config_form).to have_sast_status('Enabled')
-            expect(config_form).not_to have_sast_status('Not enabled')
-          end
-        end
-      end
-    end
-  end
-end
diff --git a/qa/qa/specs/features/ee/browser_ui/secure/enable_scanning_from_configuration_spec.rb b/qa/qa/specs/features/ee/browser_ui/secure/enable_scanning_from_configuration_spec.rb
new file mode 100644
index 0000000000000..e4a6f32c53035
--- /dev/null
+++ b/qa/qa/specs/features/ee/browser_ui/secure/enable_scanning_from_configuration_spec.rb
@@ -0,0 +1,176 @@
+# frozen_string_literal: true
+
+module QA
+  RSpec.describe 'Secure' do
+    context 'Enable Scanning from UI' do
+      let(:test_data_sast_string_fields_array) do
+        [
+          %w(SECURE_ANALYZERS_PREFIX registry.example.com),
+          %w(SAST_EXCLUDED_PATHS foo,\ bar),
+          %w(SAST_BANDIT_EXCLUDED_PATHS exclude_path_a,\ exclude_path_b)
+        ]
+      end
+
+      let(:test_data_int_fields_array) do
+        [
+          %w(SEARCH_MAX_DEPTH 42),
+          %w(SAST_BRAKEMAN_LEVEL 43),
+          %w(SAST_GOSEC_LEVEL 7)
+        ]
+      end
+
+      let(:test_data_checkbox_exclude_array) do
+        %w(eslint kubesec nodejs-scan phpcs-security-audit)
+      end
+
+      let(:test_stage_name) do
+        'test_all_the_things'
+      end
+
+      let(:project) do
+        Resource::Project.fabricate_via_api! do |project|
+          project.name = 'project-with-secure'
+          project.description = 'Project with Secure'
+        end
+      end
+
+      before do
+        Resource::Repository::ProjectPush.fabricate! do |project_push|
+          project_push.project = project
+          project_push.directory = Pathname
+                                       .new(__dir__)
+                                       .join('../../../../../ee/fixtures/secure_scanning_enable_from_ui_files')
+          project_push.commit_message = 'Create Secure compatible application to serve premade reports'
+        end
+
+        Flow::Login.sign_in_unless_signed_in
+        project.visit!
+      end
+
+      after do
+        project.remove_via_api! if project
+      end
+
+      describe 'enable dependency scanning from configuration' do
+        it 'runs dependency scanning job when enabled from configuration', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/2261' do
+          Flow::Pipeline.visit_latest_pipeline
+
+          # Baseline that we do not initially have a Dependency Scanning job
+          Page::Project::Pipeline::Show.perform do |pipeline|
+            aggregate_failures "test Dependency Scanning jobs are not present in pipeline" do
+              expect(pipeline).to have_no_job('gemnasium-dependency_scanning')
+              expect(pipeline).to have_no_job('bundler-audit-dependency_scanning')
+            end
+          end
+
+          Page::Project::Menu.perform(&:click_on_security_configuration_link)
+
+          Page::Project::Secure::ConfigurationForm.perform do |config_form|
+            expect(config_form).to have_dependency_scanning_status('Not enabled')
+
+            config_form.click_dependency_scanning_mr_button
+          end
+
+          Page::MergeRequest::New.perform do |new_merge_request|
+            expect(new_merge_request).to have_secure_description('Dependency Scanning')
+            new_merge_request.create_merge_request
+          end
+
+          Page::MergeRequest::Show.perform do |merge_request|
+            merge_request.merge_immediately!
+          end
+
+          Flow::Pipeline.visit_latest_pipeline
+
+          Page::Project::Pipeline::Show.perform do |pipeline|
+            aggregate_failures "test Dependency Scanning jobs are present in pipeline" do
+              expect(pipeline).to have_job('gemnasium-dependency_scanning')
+              expect(pipeline).to have_job('bundler-audit-dependency_scanning')
+            end
+          end
+
+          Page::Project::Menu.perform(&:click_on_security_configuration_link)
+
+          Page::Project::Secure::ConfigurationForm.perform do |config_form|
+            aggregate_failures "test Dependency Scanning status is Enabled" do
+              expect(config_form).to have_dependency_scanning_status('Enabled')
+              expect(config_form).not_to have_dependency_scanning_status('Not enabled')
+            end
+          end
+        end
+      end
+
+      describe 'enable sast from configuration' do
+        it 'runs sast job when enabled from configuration', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/quality/test_cases/1835' do
+          Flow::Pipeline.visit_latest_pipeline
+
+          # Baseline that we do not initially have a sast job
+          Page::Project::Pipeline::Show.perform do |pipeline|
+            expect(pipeline).to have_no_job('brakeman-sast')
+          end
+
+          Page::Project::Menu.perform(&:click_on_security_configuration_link)
+
+          Page::Project::Secure::ConfigurationForm.perform do |config_form|
+            expect(config_form).to have_sast_status('Not enabled')
+
+            config_form.click_sast_enable_button
+            config_form.click_expand_button
+
+            test_data_sast_string_fields_array.each do |test_data_string_array|
+              config_form.fill_dynamic_field(test_data_string_array.first, test_data_string_array[1])
+            end
+            test_data_int_fields_array.each do |test_data_int_array|
+              config_form.fill_dynamic_field(test_data_int_array.first, test_data_int_array[1])
+            end
+            test_data_checkbox_exclude_array.each do |test_data_checkbox|
+              config_form.unselect_dynamic_checkbox(test_data_checkbox)
+            end
+            config_form.fill_dynamic_field('stage', test_stage_name)
+
+            config_form.click_submit_button
+          end
+
+          Page::MergeRequest::New.perform do |new_merge_request|
+            expect(new_merge_request).to have_secure_description('SAST')
+
+            new_merge_request.click_diffs_tab
+
+            aggregate_failures "test Merge Request contents" do
+              expect(new_merge_request).to have_file('.gitlab-ci.yml')
+              test_data_sast_string_fields_array.each do |test_data_string_array|
+                expect(new_merge_request).to have_content("#{test_data_string_array.first}: #{test_data_string_array[1]}")
+              end
+              test_data_int_fields_array.each do |test_data_int_array|
+                expect(new_merge_request).to have_content("#{test_data_int_array.first}: '#{test_data_int_array[1]}'")
+              end
+              expect(new_merge_request).to have_content("stage: #{test_stage_name}")
+              expect(new_merge_request).to have_content("SAST_EXCLUDED_ANALYZERS: #{test_data_checkbox_exclude_array.join(', ')}")
+            end
+
+            new_merge_request.create_merge_request
+          end
+
+          Page::MergeRequest::Show.perform do |merge_request|
+            merge_request.merge_immediately!
+          end
+
+          Flow::Pipeline.visit_latest_pipeline
+
+          Page::Project::Pipeline::Show.perform do |pipeline|
+            expect(pipeline).to have_job('brakeman-sast')
+          end
+
+          Page::Project::Menu.perform(&:click_on_security_configuration_link)
+
+          Page::Project::Secure::ConfigurationForm.perform do |config_form|
+            aggregate_failures "test SAST status is Enabled" do
+              expect(config_form).to have_sast_status('Enabled')
+              expect(config_form).not_to have_sast_status('Not enabled')
+            end
+          end
+        end
+      end
+    end
+  end
+end
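Review bot: The `if project` guard in the `after` hook can never be false, because `project` is a lazy `let`: referencing it returns the memoized resource or fabricates a new one. If fabrication fails in `before`, the hook will attempt it again rather than skip cleanup. Use `let!(:project)` or drop the guard and write `project.remove_via_api!`. The SAST-only data (`test_data_sast_string_fields_array`, `test_data_int_fields_array`, `test_data_checkbox_exclude_array`, `test_stage_name`) would also read more clearly inside the 'enable sast from configuration' describe, since the dependency scanning example never uses them.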
-- 
GitLab