diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-09 06:09:18 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-02-09 06:09:18 +0300 |
commit | 9c8d620e48c59fe3d10f9c4b50f91124d7c09182 (patch) | |
tree | c629ebcedd29c2ca756af2367218f6723ac3d58d /qa | |
parent | 1c0289261b8d67e983b5d3ed1ef23fd800deab98 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'qa')
7 files changed, 167 insertions, 10 deletions
diff --git a/qa/qa/resource/ci_variable.rb b/qa/qa/resource/ci_variable.rb index f14fcdaac9f..0b9f4eb6635 100644 --- a/qa/qa/resource/ci_variable.rb +++ b/qa/qa/resource/ci_variable.rb @@ -3,7 +3,7 @@ module QA module Resource class CiVariable < Base - attr_accessor :key, :value, :masked + attr_accessor :key, :value, :masked, :protected attribute :project do Project.fabricate! do |resource| @@ -12,6 +12,11 @@ module QA end end + def initialize + @masked = false + @protected = false + end + def fabricate! project.visit! @@ -49,7 +54,8 @@ module QA { key: key, value: value, - masked: masked + masked: masked, + protected: protected } end end diff --git a/qa/qa/resource/project.rb b/qa/qa/resource/project.rb index a92f7912b9e..efb6c2c0591 100644 --- a/qa/qa/resource/project.rb +++ b/qa/qa/resource/project.rb @@ -25,10 +25,6 @@ module QA attribute :template_name attribute :import - attribute :default_branch do - api_response[:default_branch] || Runtime::Env.default_branch - end - attribute :group do Group.fabricate! end @@ -224,6 +220,10 @@ module QA parse_body(get(Runtime::API::Request.new(api_client, api_commits_path).url)) end + def default_branch + reload!.api_response[:default_branch] || Runtime::Env.default_branch + end + def import_status response = get Runtime::API::Request.new(api_client, "/projects/#{id}/import").url diff --git a/qa/qa/resource/repository/wiki_push.rb b/qa/qa/resource/repository/wiki_push.rb index f188e52c969..edf76c7cd78 100644 --- a/qa/qa/resource/repository/wiki_push.rb +++ b/qa/qa/resource/repository/wiki_push.rb @@ -12,14 +12,11 @@ module QA end end - def branch_name - @branch_name ||= wiki.project.default_branch - end - def initialize @file_name = 'Home.md' @file_content = 'This line was created using git push' @commit_message = 'Updating using git push' + @branch_name = 'master' @new_branch = false end diff --git a/qa/qa/specs/features/browser_ui/3_create/repository/clone_spec.rb b/qa/qa/specs/features/browser_ui/3_create/repository/clone_spec.rb index 47117c4d456..9edde7ac12f 100644 --- a/qa/qa/specs/features/browser_ui/3_create/repository/clone_spec.rb +++ b/qa/qa/specs/features/browser_ui/3_create/repository/clone_spec.rb @@ -14,10 +14,12 @@ module QA Git::Repository.perform do |repository| repository.uri = project.repository_http_location.uri repository.use_default_credentials + repository.default_branch = project.default_branch repository.act do clone configure_identity('GitLab QA', 'root@gitlab.com') + checkout(default_branch, new_branch: true) commit_file('test.rb', 'class Test; end', 'Add Test class') commit_file('README.md', '# Test', 'Add Readme') push_changes diff --git a/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_http_spec.rb b/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_http_spec.rb index 5781bf8a7f0..3440b462302 100644 --- a/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_http_spec.rb +++ b/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_http_spec.rb @@ -26,6 +26,8 @@ module QA repository.use_default_credentials repository.clone repository.configure_identity(username, email) + repository.default_branch = project.default_branch + repository.checkout(project.default_branch, new_branch: true) git_protocol_reported = repository.push_with_git_protocol( git_protocol, diff --git a/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_ssh_spec.rb b/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_ssh_spec.rb index 8d966c9e46d..38c9216005f 100644 --- a/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_ssh_spec.rb +++ b/qa/qa/specs/features/browser_ui/3_create/repository/protocol_v2_push_ssh_spec.rb @@ -49,6 +49,8 @@ module QA repository.use_ssh_key(ssh_key) repository.clone repository.configure_identity(username, email) + repository.default_branch = project.default_branch + repository.checkout(project.default_branch, new_branch: true) git_protocol_reported = repository.push_with_git_protocol( git_protocol, diff --git a/qa/qa/specs/features/browser_ui/4_verify/ci_variable/pipeline_with_protected_variable_spec.rb b/qa/qa/specs/features/browser_ui/4_verify/ci_variable/pipeline_with_protected_variable_spec.rb new file mode 100644 index 00000000000..5b976ae4126 --- /dev/null +++ b/qa/qa/specs/features/browser_ui/4_verify/ci_variable/pipeline_with_protected_variable_spec.rb @@ -0,0 +1,148 @@ +# frozen_string_literal: true + +require 'faker' + +module QA + RSpec.describe 'Verify', :runner do + describe 'Pipeline with protected variable' do + let(:executor) { "qa-runner-#{Faker::Alphanumeric.alphanumeric(8)}" } + let(:protected_value) { Faker::Alphanumeric.alphanumeric(8) } + + let(:project) do + Resource::Project.fabricate_via_api! do |project| + project.name = 'project-with-ci-variables' + project.description = 'project with CI variables' + end + end + + let!(:runner) do + Resource::Runner.fabricate! do |runner| + runner.project = project + runner.name = executor + runner.tags = [executor] + end + end + + let!(:ci_file) do + Resource::Repository::Commit.fabricate_via_api! do |commit| + commit.project = project + commit.commit_message = 'Add .gitlab-ci.yml' + commit.add_files( + [ + { + file_path: '.gitlab-ci.yml', + content: <<~YAML + job: + tags: + - #{executor} + script: echo $PROTECTED_VARIABLE + YAML + } + ] + ) + end + end + + let(:developer) do + Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_1, Runtime::Env.gitlab_qa_password_1) + end + + let(:maintainer) do + Resource::User.fabricate_or_use(Runtime::Env.gitlab_qa_username_2, Runtime::Env.gitlab_qa_password_2) + end + + before do + Flow::Login.sign_in + project.visit! + project.add_member(developer) + project.add_member(maintainer, Resource::Members::AccessLevel::MAINTAINER) + add_ci_variable + end + + after do + runner.remove_via_api! + end + + it 'exposes variable on protected branch', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/156' do + create_protected_branch + + [developer, maintainer].each do |user| + user_commit_to_protected_branch(Runtime::API::Client.new(:gitlab, user: user)) + go_to_pipeline_job(user) + + Page::Project::Job::Show.perform do |show| + expect(show.output).to have_content(protected_value), 'Expect protected variable to be in job log.' + end + end + end + + it 'does not expose variable on unprotected branch', testcase: 'https://gitlab.com/gitlab-org/quality/testcases/-/issues/156' do + [developer, maintainer].each do |user| + create_merge_request(Runtime::API::Client.new(:gitlab, user: user)) + go_to_pipeline_job(user) + + Page::Project::Job::Show.perform do |show| + expect(show.output).to have_no_content(protected_value), 'Expect protected variable to NOT be in job log.' + end + end + end + + private + + def add_ci_variable + Resource::CiVariable.fabricate_via_api! do |ci_variable| + ci_variable.project = project + ci_variable.key = 'PROTECTED_VARIABLE' + ci_variable.value = protected_value + ci_variable.protected = true + end + end + + def create_protected_branch + # Using default setups, which allows access for developer and maintainer + Resource::ProtectedBranch.fabricate_via_api! do |resource| + resource.branch_name = 'protected-branch' + resource.project = project + end + end + + def user_commit_to_protected_branch(api_client) + Resource::Repository::Commit.fabricate_via_api! do |commit| + commit.api_client = api_client + commit.project = project + commit.branch = 'protected-branch' + commit.commit_message = Faker::Lorem.sentence + commit.add_files( + [ + { + file_path: "#{Faker::Lorem.word}.txt", + content: Faker::Lorem.sentence + } + ] + ) + end + end + + def create_merge_request(api_client) + Resource::MergeRequest.fabricate_via_api! do |merge_request| + merge_request.api_client = api_client + merge_request.project = project + merge_request.description = Faker::Lorem.sentence + merge_request.target_new_branch = false + merge_request.file_name = "#{Faker::Lorem.word}.txt" + merge_request.file_content = Faker::Lorem.sentence + end + end + + def go_to_pipeline_job(user) + Flow::Login.sign_in(as: user) + project.visit! + Flow::Pipeline.visit_latest_pipeline(pipeline_condition: 'completed') + + Page::Project::Pipeline::Show.perform do |pipeline| + pipeline.click_job('job') + end + end + end + end +end |