Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/qa
diff options
context:
space:
mode:
authorGitLab Bot <gitlab-bot@gitlab.com>2021-02-09 06:09:18 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2021-02-09 06:09:18 +0300
commit9c8d620e48c59fe3d10f9c4b50f91124d7c09182 (patch)
treec629ebcedd29c2ca756af2367218f6723ac3d58d /qa
parent1c0289261b8d67e983b5d3ed1ef23fd800deab98 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'qa')
-rw-r--r--qa/qa/resource/ci_variable.rb10
-rw-r--r--qa/qa/resource/project.rb8
-rw-r--r--qa/qa/resource/repository/wiki_push.rb5
-rw-r--r--qa/qa/specs/features/browser_ui/3_create/repository/clone_spec.rb2
-rw-r--r--qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_http_spec.rb2
-rw-r--r--qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_ssh_spec.rb2
-rw-r--r--qa/qa/specs/features/browser_ui/4_verify/ci_variable/pipeline_with_protected_variable_spec.rb148
7 files changed, 167 insertions, 10 deletions
diff --git a/qa/qa/resource/ci_variable.rb b/qa/qa/resource/ci_variable.rb
index f14fcdaac9f..0b9f4eb6635 100644
--- a/qa/qa/resource/ci_variable.rb
+++ b/qa/qa/resource/ci_variable.rb
@@ -3,7 +3,7 @@
module QA
module Resource
class CiVariable < Base
- attr_accessor :key, :value, :masked
+ attr_accessor :key, :value, :masked, :protected
attribute :project do
Project.fabricate! do |resource|
@@ -12,6 +12,11 @@ module QA
end
end
+ def initialize
+ @masked = false
+ @protected = false
+ end
+
def fabricate!
project.visit!
@@ -49,7 +54,8 @@ module QA
{
key: key,
value: value,
- masked: masked
+ masked: masked,
+ protected: protected
}
end
end
diff --git a/qa/qa/resource/project.rb b/qa/qa/resource/project.rb
index a92f7912b9e..efb6c2c0591 100644
--- a/qa/qa/resource/project.rb
+++ b/qa/qa/resource/project.rb
@@ -25,10 +25,6 @@ module QA
attribute :template_name
attribute :import
- attribute :default_branch do
- api_response[:default_branch] || Runtime::Env.default_branch
- end
-
attribute :group do
Group.fabricate!
end
@@ -224,6 +220,10 @@ module QA
parse_body(get(Runtime::API::Request.new(api_client, api_commits_path).url))
end
+ def default_branch
+ reload!.api_response[:default_branch] || Runtime::Env.default_branch
+ end
+
def import_status
response = get Runtime::API::Request.new(api_client, "/projects/#{id}/import").url
diff --git a/qa/qa/resource/repository/wiki_push.rb b/qa/qa/resource/repository/wiki_push.rb
index f188e52c969..edf76c7cd78 100644
--- a/qa/qa/resource/repository/wiki_push.rb
+++ b/qa/qa/resource/repository/wiki_push.rb
@@ -12,14 +12,11 @@ module QA
end
end
- def branch_name
- @branch_name ||= wiki.project.default_branch
- end
-
def initialize
@file_name = 'Home.md'
@file_content = 'This line was created using git push'
@commit_message = 'Updating using git push'
+ @branch_name = 'master'
@new_branch = false
end
diff --git a/qa/qa/specs/features/browser_ui/3_create/repository/clone_spec.rb b/qa/qa/specs/features/browser_ui/3_create/repository/clone_spec.rb
index 47117c4d456..9edde7ac12f 100644
--- a/qa/qa/specs/features/browser_ui/3_create/repository/clone_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/repository/clone_spec.rb
@@ -14,10 +14,12 @@ module QA
Git::Repository.perform do |repository|
repository.uri = project.repository_http_location.uri
repository.use_default_credentials
+ repository.default_branch = project.default_branch
repository.act do
clone
configure_identity('GitLab QA', 'root@gitlab.com')
+ checkout(default_branch, new_branch: true)
commit_file('test.rb', 'class Test; end', 'Add Test class')
commit_file('README.md', '# Test', 'Add Readme')
push_changes
diff --git a/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_http_spec.rb b/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_http_spec.rb
index 5781bf8a7f0..3440b462302 100644
--- a/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_http_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_http_spec.rb
@@ -26,6 +26,8 @@ module QA
repository.use_default_credentials
repository.clone
repository.configure_identity(username, email)
+ repository.default_branch = project.default_branch
+ repository.checkout(project.default_branch, new_branch: true)
git_protocol_reported = repository.push_with_git_protocol(
git_protocol,
diff --git a/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_ssh_spec.rb b/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_ssh_spec.rb
index 8d966c9e46d..38c9216005f 100644
--- a/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_ssh_spec.rb
+++ b/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_ssh_spec.rb
@@ -49,6 +49,8 @@ module QA
repository.use_ssh_key(ssh_key)
repository.clone
repository.configure_identity(username, email)
+ repository.default_branch = project.default_branch
+ repository.checkout(project.default_branch, new_branch: true)
git_protocol_reported = repository.push_with_git_protocol(
git_protocol,
diff --git a/qa/qa/specs/features/browser_ui/4_verify/ci_variable/pipeline_with_protected_variable_spec.rb b/qa/qa/specs/features/browser_ui/4_verify/ci_variable/pipeline_with_protected_variable_spec.rb
new file mode 100644
index 00000000000..5b976ae4126
--- /dev/null
+++ b/qa/qa/specs/features/browser_ui/4_verify/ci_variable/pipeline_with_protected_variable_spec.rb
@@ -0,0 +1,148 @@
+# frozen_string_literal: true
+
+require 'faker'
+
+module QA
+ RSpec.describe 'Verify', :runner do
+ describe 'Pipeline with protected variable' do
+ let(:executor) { "qa-runner-#{Faker::Alphanumeric.alphanumeric(8)}" }
+ let(:protected_value) { Faker::Alphanumeric.alphanumeric(8) }
+
+ let(:project) do
+ Resource::Project.fabricate_via_api! do |project|
+ project.name = 'project-with-ci-variables'
+ project.description = 'project with CI variables'
+ end
+ end
+
+ let!(:runner) do
+ Resource::Runner.fabricate! do |runner|
+ runner.project = project
+ runner.name = executor
+ runner.tags = [executor]
+ end
+ end
+
+ let!(:ci_file) do
+ Resource::Repository::Commit.fabricate_via_api! do |commit|
+ commit.project = project
+ commit.commit_message = 'Add .gitlab-ci.yml'
+ commit.add_files(
+ [
+ {
+ file_path: '.gitlab-ci.yml',
+ content: <<~YAML
+ job:
+ tags:
+ - #{executor}
+ script: echo $PROTECTED_VARIABLE
+ YAML
+ }
+ ]
+ )
+ end
+ end
+
+ let(:developer) do
+ Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1)
+ end
+
+ let(:maintainer) do
+ Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_2, Runtime::Env.gitlab_qa_password_2)
+ end
+
+ before do
+ Flow::Login.sign_in
+ project.visit!
+ project.add_member(developer)
+ project.add_member(maintainer, Resource::Members::AccessLevel::MAINTAINER)
+ add_ci_variable
+ end
+
+ after do
+ runner.remove_via_api!
+ end
+
+ it 'exposes variable on protected branch', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/156' do
+ create_protected_branch
+
+ [developer, maintainer].each do |user|
+ user_commit_to_protected_branch(Runtime::API::Client.new(:gitlab, user: user))
+ go_to_pipeline_job(user)
+
+ Page::Project::Job::Show.perform do |show|
+ expect(show.output).to have_content(protected_value), 'Expect protected variable to be in job log.'
+ end
+ end
+ end
+
+ it 'does not expose variable on unprotected branch', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/156' do
+ [developer, maintainer].each do |user|
+ create_merge_request(Runtime::API::Client.new(:gitlab, user: user))
+ go_to_pipeline_job(user)
+
+ Page::Project::Job::Show.perform do |show|
+ expect(show.output).to have_no_content(protected_value), 'Expect protected variable to NOT be in job log.'
+ end
+ end
+ end
+
+ private
+
+ def add_ci_variable
+ Resource::CiVariable.fabricate_via_api! do |ci_variable|
+ ci_variable.project = project
+ ci_variable.key = 'PROTECTED_VARIABLE'
+ ci_variable.value = protected_value
+ ci_variable.protected = true
+ end
+ end
+
+ def create_protected_branch
+ # Using default setups, which allows access for developer and maintainer
+ Resource::ProtectedBranch.fabricate_via_api! do |resource|
+ resource.branch_name = 'protected-branch'
+ resource.project = project
+ end
+ end
+
+ def user_commit_to_protected_branch(api_client)
+ Resource::Repository::Commit.fabricate_via_api! do |commit|
+ commit.api_client = api_client
+ commit.project = project
+ commit.branch = 'protected-branch'
+ commit.commit_message = Faker::Lorem.sentence
+ commit.add_files(
+ [
+ {
+ file_path: "#{Faker::Lorem.word}.txt",
+ content: Faker::Lorem.sentence
+ }
+ ]
+ )
+ end
+ end
+
+ def create_merge_request(api_client)
+ Resource::MergeRequest.fabricate_via_api! do |merge_request|
+ merge_request.api_client = api_client
+ merge_request.project = project
+ merge_request.description = Faker::Lorem.sentence
+ merge_request.target_new_branch = false
+ merge_request.file_name = "#{Faker::Lorem.word}.txt"
+ merge_request.file_content = Faker::Lorem.sentence
+ end
+ end
+
+ def go_to_pipeline_job(user)
+ Flow::Login.sign_in(as: user)
+ project.visit!
+ Flow::Pipeline.visit_latest_pipeline(pipeline_condition: 'completed')
+
+ Page::Project::Pipeline::Show.perform do |pipeline|
+ pipeline.click_job('job')
+ end
+ end
+ end
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-25 09:14:54 +0300