Add latest changes from gitlab-org/gitlab@master

2 files changed, 139 insertions, 0 deletions

diff --git a/spec/requests/api/metrics/user_starred_dashboards_spec.rb b/spec/requests/api/metrics/user_starred_dashboards_spec.rb
new file mode 100644
index 00000000000..4b3c6407ef7
--- /dev/null
+++ b/spec/requests/api/metrics/user_starred_dashboards_spec.rb
@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe API::Metrics::UserStarredDashboards do
+  let_it_be(:user) { create(:user) }
+  let!(:project) { create(:project, :private, :repository, :custom_repo, namespace: user.namespace, files: { dashboard => dashboard_yml }) }
+  let(:dashboard_yml) { fixture_file('lib/gitlab/metrics/dashboard/sample_dashboard.yml') }
+  let(:dashboard) { '.gitlab/dashboards/find&seek.yml' }
+  let(:params) do
+    {
+      user: user,
+      project: project,
+      dashboard_path: CGI.escape(dashboard)
+    }
+  end
+
+  describe 'POST /projects/:id/metrics/user_starred_dashboards' do
+    let(:url) { "/projects/#{project.id}/metrics/user_starred_dashboards" }
+
+    before do
+      project.add_reporter(user)
+    end
+
+    context 'with correct permissions' do
+      context 'with valid parameters' do
+        context 'dashboard_path as url param url escaped' do
+          it 'creates a new annotation', :aggregate_failures do
+            post api(url, user), params: params
+
+            expect(response).to have_gitlab_http_status(:created)
+            expect(json_response['project_id']).to eq(project.id)
+            expect(json_response['user_id']).to eq(user.id)
+            expect(json_response['dashboard_path']).to eq(dashboard)
+          end
+        end
+
+        context 'dashboard_path in request body unescaped' do
+          let(:params) do
+            {
+              user: user,
+              project: project,
+              dashboard_path: dashboard
+            }
+          end
+
+          it 'creates a new annotation', :aggregate_failures do
+            post api(url, user), params: params
+
+            expect(response).to have_gitlab_http_status(:created)
+            expect(json_response['project_id']).to eq(project.id)
+            expect(json_response['user_id']).to eq(user.id)
+            expect(json_response['dashboard_path']).to eq(dashboard)
+          end
+        end
+      end
+
+      context 'with invalid parameters' do
+        it 'returns error message' do
+          post api(url, user), params: { dashboard_path: '' }
+
+          expect(response).to have_gitlab_http_status(:bad_request)
+          expect(json_response['error']).to eq('dashboard_path is empty')
+        end
+
+        context 'user is missing' do
+          it 'returns 404 not found' do
+            post api(url, nil), params: params
+
+            expect(response).to have_gitlab_http_status(:not_found)
+          end
+        end
+
+        context 'project is missing' do
+          it 'returns 404 not found' do
+            post api("/projects/#{project.id + 1}/user_starred_dashboards", user), params: params
+
+            expect(response).to have_gitlab_http_status(:not_found)
+          end
+        end
+      end
+    end
+
+    context 'without correct permissions' do
+      it 'returns 404 not found' do
+        post api(url, create(:user)), params: params
+
+        expect(response).to have_gitlab_http_status(:not_found)
+      end
+    end
+  end
+end
diff --git a/spec/requests/api/runner_spec.rb b/spec/requests/api/runner_spec.rb
index bc2da8a2b9a..5327a3a77c5 100644
--- a/spec/requests/api/runner_spec.rb
+++ b/spec/requests/api/runner_spec.rb
@@ -998,6 +998,53 @@ describe API::Runner, :clean_gitlab_redis_shared_state do
           end
         end
 
+        describe 'a job with excluded artifacts' do
+          context 'when excluded paths are defined' do
+            let(:job) do
+              create(:ci_build, pipeline: pipeline, token: 'test-job-token', name: 'test',
+                                stage: 'deploy', stage_idx: 1,
+                                options: { artifacts: { paths: ['abc'], exclude: ['cde'] } })
+            end
+
+            context 'when a runner supports this feature' do
+              it 'exposes excluded paths when the feature is enabled' do
+                stub_feature_flags(ci_artifacts_exclude: true)
+
+                request_job info: { features: { artifacts_exclude: true } }
+
+                expect(response).to have_gitlab_http_status(:created)
+                expect(json_response.dig('artifacts').first).to include('exclude' => ['cde'])
+              end
+
+              it 'does not expose excluded paths when the feature is disabled' do
+                stub_feature_flags(ci_artifacts_exclude: false)
+
+                request_job info: { features: { artifacts_exclude: true } }
+
+                expect(response).to have_gitlab_http_status(:created)
+                expect(json_response.dig('artifacts').first).not_to have_key('exclude')
+              end
+            end
+
+            context 'when a runner does not support this feature' do
+              it 'does not expose the build at all' do
+                stub_feature_flags(ci_artifacts_exclude: true)
+
+                request_job
+
+                expect(response).to have_gitlab_http_status(:no_content)
+              end
+            end
+          end
+
+          it 'does not expose excluded paths when these are empty' do
+            request_job
+
+            expect(response).to have_gitlab_http_status(:created)
+            expect(json_response.dig('artifacts').first).not_to have_key('exclude')
+          end
+        end
+
         def request_job(token = runner.token, **params)
           new_params = params.merge(token: token, last_update: last_update)
           post api('/jobs/request'), params: new_params, headers: { 'User-Agent' => user_agent }