
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2021-05-19 18:44:42 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2021-05-19 18:44:42 +0300
commit4555e1b21c365ed8303ffb7a3325d773c9b8bf31 (patch)
tree5423a1c7516cffe36384133ade12572cf709398d /app/services/security
parente570267f2f6b326480d284e0164a6464ba4081bc (diff)
Add latest changes from gitlab-org/gitlab@13-12-stable-eev13.12.0-rc42
Diffstat (limited to 'app/services/security')
-rw-r--r--app/services/security/ci_configuration/base_create_service.rb62
-rw-r--r--app/services/security/ci_configuration/sast_create_service.rb58
-rw-r--r--app/services/security/ci_configuration/sast_parser_service.rb2
-rw-r--r--app/services/security/ci_configuration/secret_detection_create_service.rb25
4 files changed, 100 insertions, 47 deletions
diff --git a/app/services/security/ci_configuration/base_create_service.rb b/app/services/security/ci_configuration/base_create_service.rb
new file mode 100644
index 00000000000..adb45244adb
--- /dev/null
+++ b/app/services/security/ci_configuration/base_create_service.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module Security
+ module CiConfiguration
+ class BaseCreateService
+ attr_reader :branch_name, :current_user, :project
+
+ def initialize(project, current_user)
+ @project = project
+ @current_user = current_user
+ @branch_name = project.repository.next_branch(next_branch)
+ end
+
+ def execute
+ project.repository.add_branch(current_user, branch_name, project.default_branch)
+
+ attributes_for_commit = attributes
+
+ result = ::Files::MultiService.new(project, current_user, attributes_for_commit).execute
+
+ return ServiceResponse.error(message: result[:message]) unless result[:status] == :success
+
+ track_event(attributes_for_commit)
+ ServiceResponse.success(payload: { branch: branch_name, success_path: successful_change_path })
+ rescue Gitlab::Git::PreReceiveError => e
+ ServiceResponse.error(message: e.message)
+ rescue StandardError
+ project.repository.rm_branch(current_user, branch_name) if project.repository.branch_exists?(branch_name)
+ raise
+ end
+
+ private
+
+ def attributes
+ {
+ commit_message: message,
+ branch_name: branch_name,
+ start_branch: branch_name,
+ actions: [action]
+ }
+ end
+
+ def existing_gitlab_ci_content
+ @gitlab_ci_yml ||= project.repository.gitlab_ci_yml_for(project.repository.root_ref_sha)
+ YAML.safe_load(@gitlab_ci_yml) if @gitlab_ci_yml
+ end
+
+ def successful_change_path
+ merge_request_params = { source_branch: branch_name, description: description }
+ Gitlab::Routing.url_helpers.project_new_merge_request_url(project, merge_request: merge_request_params)
+ end
+
+ def track_event(attributes_for_commit)
+ action = attributes_for_commit[:actions].first
+
+ Gitlab::Tracking.event(
+ self.class.to_s, action[:action], label: action[:default_values_overwritten].to_s
+ )
+ end
+ end
+ end
+end
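Review bot: In `execute`, only the `rescue StandardError` clause removes the branch that `add_branch` created; the `return ServiceResponse.error(...) unless result[:status] == :success` line and the `rescue Gitlab::Git::PreReceiveError` clause both return an error and leave that branch in the repository. Every rejected or failed commit therefore leaves a stray branch behind until someone deletes it by hand. Moving the cleanup into one private helper and calling it on all three failure paths closes the gap, as sketched below. The helper keeps the `branch_exists?` guard, and it is worth confirming that `project.repository.next_branch` always yields a name no other branch uses, since the cleanup deletes whatever branch carries that name.

```ruby
def execute
  # … unchanged: add_branch, attributes_for_commit, Files::MultiService call …

  unless result[:status] == :success
    remove_branch_on_failure
    return ServiceResponse.error(message: result[:message])
  end

  # … unchanged: track_event, ServiceResponse.success …
rescue Gitlab::Git::PreReceiveError => e
  remove_branch_on_failure
  ServiceResponse.error(message: e.message)
rescue StandardError
  remove_branch_on_failure
  raise
end

# Deletes the working branch so a failed run leaves nothing behind.
def remove_branch_on_failure
  project.repository.rm_branch(current_user, branch_name) if project.repository.branch_exists?(branch_name)
end
```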
diff --git a/app/services/security/ci_configuration/sast_create_service.rb b/app/services/security/ci_configuration/sast_create_service.rb
index 8fc3b8d078c..f495cac18f8 100644
--- a/app/services/security/ci_configuration/sast_create_service.rb
+++ b/app/services/security/ci_configuration/sast_create_service.rb
@@ -2,64 +2,30 @@
module Security
module CiConfiguration
- class SastCreateService < ::BaseService
+ class SastCreateService < ::Security::CiConfiguration::BaseCreateService
+ attr_reader :params
+
def initialize(project, current_user, params)
- @project = project
- @current_user = current_user
+ super(project, current_user)
@params = params
- @branch_name = @project.repository.next_branch('set-sast-config')
- end
-
- def execute
- attributes_for_commit = attributes
- result = ::Files::MultiService.new(@project, @current_user, attributes_for_commit).execute
-
- if result[:status] == :success
- result[:success_path] = successful_change_path
- track_event(attributes_for_commit)
- else
- result[:errors] = result[:message]
- end
-
- result
-
- rescue Gitlab::Git::PreReceiveError => e
- { status: :error, errors: e.message }
end
private
- def attributes
- actions = Security::CiConfiguration::SastBuildActions.new(@project.auto_devops_enabled?, @params, existing_gitlab_ci_content).generate
-
- @project.repository.add_branch(@current_user, @branch_name, @project.default_branch)
- message = _('Set .gitlab-ci.yml to enable or configure SAST')
-
- {
- commit_message: message,
- branch_name: @branch_name,
- start_branch: @branch_name,
- actions: actions
- }
+ def action
+ Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_gitlab_ci_content).generate
end
- def existing_gitlab_ci_content
- gitlab_ci_yml = @project.repository.gitlab_ci_yml_for(@project.repository.root_ref_sha)
- YAML.safe_load(gitlab_ci_yml) if gitlab_ci_yml
+ def next_branch
+ 'set-sast-config'
end
- def successful_change_path
- description = _('Set .gitlab-ci.yml to enable or configure SAST security scanning using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) to customize SAST settings.')
- merge_request_params = { source_branch: @branch_name, description: description }
- Gitlab::Routing.url_helpers.project_new_merge_request_url(@project, merge_request: merge_request_params)
+ def message
+ _('Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist')
end
- def track_event(attributes_for_commit)
- action = attributes_for_commit[:actions].first
-
- Gitlab::Tracking.event(
- self.class.to_s, action[:action], label: action[:default_values_overwritten].to_s
- )
+ def description
+ _('Configure SAST in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) to customize SAST settings.')
end
end
end
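Review bot: `params` is handed to `SastBuildAction.new` in `action` exactly as the caller passed it to `initialize`, and nothing in this hunk limits which keys or values can end up in the committed `.gitlab-ci.yml`. If the filtering lives in the caller or in `SastBuildAction`, neither of which this hunk shows, say so above `action`, e.g. `# params must already be restricted to the permitted SAST settings by the caller`. `attr_reader :params` is also declared above `private`, so the raw parameters become part of the class's public interface; placing it below `private` keeps them internal.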
diff --git a/app/services/security/ci_configuration/sast_parser_service.rb b/app/services/security/ci_configuration/sast_parser_service.rb
index a8fe5764d19..5220525d552 100644
--- a/app/services/security/ci_configuration/sast_parser_service.rb
+++ b/app/services/security/ci_configuration/sast_parser_service.rb
@@ -74,7 +74,7 @@ module Security
def sast_excluded_analyzers
strong_memoize(:sast_excluded_analyzers) do
- all_analyzers = Security::CiConfiguration::SastBuildActions::SAST_DEFAULT_ANALYZERS.split(', ') rescue []
+ all_analyzers = Security::CiConfiguration::SastBuildAction::SAST_DEFAULT_ANALYZERS.split(', ') rescue []
enabled_analyzers = sast_default_analyzers.split(',').map(&:strip) rescue []
excluded_analyzers = gitlab_ci_yml_attributes["SAST_EXCLUDED_ANALYZERS"] || sast_template_attributes["SAST_EXCLUDED_ANALYZERS"]
diff --git a/app/services/security/ci_configuration/secret_detection_create_service.rb b/app/services/security/ci_configuration/secret_detection_create_service.rb
new file mode 100644
index 00000000000..ff3458d36fc
--- /dev/null
+++ b/app/services/security/ci_configuration/secret_detection_create_service.rb
@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Security
+ module CiConfiguration
+ class SecretDetectionCreateService < ::Security::CiConfiguration::BaseCreateService
+ private
+
+ def action
+ Security::CiConfiguration::SecretDetectionBuildAction.new(project.auto_devops_enabled?, existing_gitlab_ci_content).generate
+ end
+
+ def next_branch
+ 'set-secret-detection-config'
+ end
+
+ def message
+ _('Configure Secret Detection in `.gitlab-ci.yml`, creating this file if it does not already exist')
+ end
+
+ def description
+ _('Configure Secret Detection in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings) to customize Secret Detection settings.')
+ end
+ end
+ end
+end
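Review bot: `action`, `next_branch`, `message` and `description` are hooks that `BaseCreateService` calls, but nothing in this class says so, and the base class added in this commit does not declare them. A class comment such as `# Creates a branch and commit that enable Secret Detection; implements the hooks BaseCreateService calls` would document the contract. Declaring the four hooks in the base class with `raise NotImplementedError` would additionally make a subclass that forgets one fail with a clear message.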