Merge branch 'hm-dequarantine-security-reports-spec' into 'master'

De-quarantine and fix security reports spec flakiness

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/127947



Merged-by: Chloe Liu <yliu@gitlab.com>
Approved-by: Andy Hohenner <ahohenner@gitlab.com>
Approved-by: Chloe Liu <yliu@gitlab.com>
Reviewed-by: Chloe Liu <yliu@gitlab.com>
Co-authored-by: hmuralidhar <hmuralidhar@gitlab.com>

qa/qa/ee/page/component/secure_report.rb

@@ -36,6 +36,9 @@ def self.prepended(base)
           end
 
           def filter_report_type(report, project_filter = true)
+            wait_until(max_duration: 20, sleep_interval: 3, message: "Wait for tool dropdown to appear") do
+              has_element?(:filter_tool_dropdown)
+            end
             click_element(:filter_tool_dropdown)
 
             if project_filter

qa/qa/ee/page/group/secure/show.rb

@@ -25,7 +25,7 @@ def has_security_status_project_for_severity?(severity, project)
               within_element("severity_accordion_item_#{severity}") do
                 click_on severity
               end
-              has_element?(:project_name_text, text: "#{project.group.sandbox.path} / #{project.group.path} / #{project.name}")
+              has_element?(:project_name_text, text: "#{project.group.sandbox.path} / #{project.group.path} / #{project.name}", wait: 5)
             end
           end
         end

qa/qa/specs/features/ee/browser_ui/10_govern/security_reports_spec.rb

 # frozen_string_literal: true
 
 module QA
-  RSpec.describe 'Govern', :runner, product_group: :threat_insights, quarantine: {
-    type: :investigating,
-    issue: 'https://gitlab.com/gitlab-org/gitlab/-/issues/420136'
-  } do
+  RSpec.describe 'Govern', :runner, product_group: :threat_insights do
     describe 'Security Reports' do
       let(:number_of_dependencies_in_fixture) { 13 }
       let(:dependency_scan_example_vuln) { 'Prototype pollution attack in mixin-deep' }
@@ -20,21 +17,27 @@ module QA
         original_yaml = File.read(gitlab_ci_yaml_path)
         original_yaml << "\n"
         original_yaml << <<~YAML
-        secret_detection:
-          tags: [secure_report]
-          script:
-            - echo "Skipped"
-          artifacts:
-            reports:
-              secret_detection: gl-secret-detection-report.json
+          secret_detection:
+            tags: [secure_report]
+            script:
+              - echo "Skipped"
+            artifacts:
+              reports:
+                secret_detection: gl-secret-detection-report.json
         YAML
       end
 
+      let(:group) do
+        Resource::Group.fabricate_via_api! do |group|
+          group.path = "govern-security-reports-#{Faker::Alphanumeric.alphanumeric(number: 6)}"
+        end
+      end
+
       let!(:project) do
         Resource::Project.fabricate_via_api! do |project|
           project.name = 'project-with-secure'
           project.description = 'Project with Secure'
-          project.group = Resource::Group.fabricate_via_api!
+          project.group = group
         end
       end
 
@@ -148,7 +151,13 @@ module QA
         Page::Group::Menu.perform(&:click_group_security_link)
 
         EE::Page::Group::Secure::Show.perform do |dashboard|
-          expect(dashboard).to have_security_status_project_for_severity('F', project)
+          Support::Retrier.retry_on_exception(
+            max_attempts: 2,
+            reload_page: page,
+            message: "Retry project security status in security dashboard"
+          ) do
+            expect(dashboard).to have_security_status_project_for_severity('F', project)
+          end
         end
 
         Page::Group::Menu.perform(&:click_group_vulnerability_link)
@@ -253,7 +262,7 @@ def wait_for_pipeline_success
       def latest_pipeline
         Resource::Pipeline.fabricate_via_api! do |pipeline|
           pipeline.project = project
-          pipeline.id = project.pipelines.first&.fetch(:id)
+          pipeline.id = project.pipelines.first[:id] unless project.pipelines.empty?
         end
       end