Add latest changes from gitlab-org/gitlab@15-8-stable-eev15.8.0-rc42

6 files changed, 42 insertions, 9 deletions

diff --git a/app/services/security/ci_configuration/base_create_service.rb b/app/services/security/ci_configuration/base_create_service.rb
index 7f3b66d40e1..aaa850fde39 100644
--- a/app/services/security/ci_configuration/base_create_service.rb
+++ b/app/services/security/ci_configuration/base_create_service.rb
@@ -3,7 +3,7 @@
 module Security
   module CiConfiguration
     class BaseCreateService
-      attr_reader :branch_name, :current_user, :project
+      attr_reader :branch_name, :current_user, :project, :name
 
       def initialize(project, current_user)
         @project = project
@@ -41,8 +41,18 @@ module Security
       end
 
       def existing_gitlab_ci_content
-        @gitlab_ci_yml ||= project.ci_config_for(project.repository.root_ref_sha)
+        root_ref = root_ref_sha(project)
+        return if root_ref.nil?
+
+        @gitlab_ci_yml ||= project.ci_config_for(root_ref)
         YAML.safe_load(@gitlab_ci_yml) if @gitlab_ci_yml
+      rescue Psych::BadAlias
+        raise Gitlab::Graphql::Errors::MutationError,
+              ".gitlab-ci.yml with aliases/anchors is not supported. Please change the CI configuration manually."
+      rescue Psych::Exception => e
+        Gitlab::AppLogger.error("Failed to process existing .gitlab-ci.yml: #{e.message}")
+        raise Gitlab::Graphql::Errors::MutationError,
+              "#{name} merge request creation mutation failed"
       end
 
       def successful_change_path
@@ -61,6 +71,15 @@ module Security
           self.class.to_s, action[:action], label: action[:default_values_overwritten].to_s
         )
       end
+
+      def root_ref_sha(project)
+        project.repository.root_ref_sha
+      rescue StandardError => e
+        # this might fail on the very first commit,
+        # and unfortunately it raises a StandardError
+        Gitlab::ErrorTracking.track_exception(e, project_id: project.id)
+        nil
+      end
     end
   end
 end
diff --git a/app/services/security/ci_configuration/container_scanning_create_service.rb b/app/services/security/ci_configuration/container_scanning_create_service.rb
index da2f1ac0981..4dfd05451ad 100644
--- a/app/services/security/ci_configuration/container_scanning_create_service.rb
+++ b/app/services/security/ci_configuration/container_scanning_create_service.rb
@@ -21,6 +21,10 @@ module Security
       def description
         _('Configure Container Scanning in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings) to customize Container Scanning settings.')
       end
+
+      def name
+        'Container Scanning'
+      end
     end
   end
 end
diff --git a/app/services/security/ci_configuration/dependency_scanning_create_service.rb b/app/services/security/ci_configuration/dependency_scanning_create_service.rb
index b11eccc680c..66dd76c4b5d 100644
--- a/app/services/security/ci_configuration/dependency_scanning_create_service.rb
+++ b/app/services/security/ci_configuration/dependency_scanning_create_service.rb
@@ -21,6 +21,10 @@ module Security
       def description
         _('Configure Dependency Scanning in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings) to customize Dependency Scanning settings.')
       end
+
+      def name
+        'Dependency Scanning'
+      end
     end
   end
 end
diff --git a/app/services/security/ci_configuration/sast_create_service.rb b/app/services/security/ci_configuration/sast_create_service.rb
index d78e22f1fe1..643cb7f89dc 100644
--- a/app/services/security/ci_configuration/sast_create_service.rb
+++ b/app/services/security/ci_configuration/sast_create_service.rb
@@ -20,13 +20,7 @@ module Security
       end
 
       def action
-        existing_content = begin
-          existing_gitlab_ci_content # this can fail on the very first commit
-        rescue StandardError
-          nil
-        end
-
-        Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_content, project.ci_config_path).generate
+        Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_gitlab_ci_content, project.ci_config_path).generate
       end
 
       def next_branch
@@ -40,6 +34,10 @@ module Security
       def description
         _('Configure SAST in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) to customize SAST settings.')
       end
+
+      def name
+        'SAST'
+      end
     end
   end
 end
diff --git a/app/services/security/ci_configuration/sast_iac_create_service.rb b/app/services/security/ci_configuration/sast_iac_create_service.rb
index fbc65484216..61bbebd77d0 100644
--- a/app/services/security/ci_configuration/sast_iac_create_service.rb
+++ b/app/services/security/ci_configuration/sast_iac_create_service.rb
@@ -21,6 +21,10 @@ module Security
       def description
         _('Configure SAST IaC in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) to customize SAST IaC settings.')
       end
+
+      def name
+        'SAST IaC'
+      end
     end
   end
 end
diff --git a/app/services/security/ci_configuration/secret_detection_create_service.rb b/app/services/security/ci_configuration/secret_detection_create_service.rb
index ca5138b6ed6..792fe4986e9 100644
--- a/app/services/security/ci_configuration/secret_detection_create_service.rb
+++ b/app/services/security/ci_configuration/secret_detection_create_service.rb
@@ -21,6 +21,10 @@ module Security
       def description
         _('Configure Secret Detection in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings) to customize Secret Detection settings.')
       end
+
+      def name
+        'Secret Detection'
+      end
     end
   end
 end