diff options
Diffstat (limited to 'spec/lib/gitlab/ci')
21 files changed, 658 insertions, 138 deletions
diff --git a/spec/lib/gitlab/ci/ansi2json/line_spec.rb b/spec/lib/gitlab/ci/ansi2json/line_spec.rb index 909c0f1b3ea..d16750d19f1 100644 --- a/spec/lib/gitlab/ci/ansi2json/line_spec.rb +++ b/spec/lib/gitlab/ci/ansi2json/line_spec.rb @@ -76,30 +76,25 @@ RSpec.describe Gitlab::Ci::Ansi2json::Line do end describe '#set_section_duration' do - shared_examples 'set_section_duration' do - it 'sets and formats the section_duration' do - subject.set_section_duration(75) + using RSpec::Parameterized::TableSyntax - expect(subject.section_duration).to eq('01:15') - end + where(:duration, :result) do + nil | '00:00' + 'string' | '00:00' + 0.seconds | '00:00' + 7.seconds | '00:07' + 75 | '01:15' + 1.minute + 15.seconds | '01:15' + 13.hours + 14.minutes + 15.seconds | '13:14:15' + 1.day + 13.hours + 14.minutes + 15.seconds | '37:14:15' end - context 'with default timezone' do - it_behaves_like 'set_section_duration' - end + with_them do + it do + subject.set_section_duration(duration) - context 'with a timezone carrying minutes offset' do - before do - # The actual call by does use Time.at(...).utc that the following - # rubocop rule (Rails/TimeZone) suggests, but for this specific - # test's purposes we needed to mock at the Time.at call point. - - # rubocop:disable Rails/TimeZone - allow(Time).to receive(:at).with(75).and_return(Time.at(75, in: '+05:30')) - # rubocop:enable Rails/TimeZone + expect(subject.section_duration).to eq(result) end - - it_behaves_like 'set_section_duration' end end diff --git a/spec/lib/gitlab/ci/config/entry/artifacts_spec.rb b/spec/lib/gitlab/ci/config/entry/artifacts_spec.rb index 0e6d5b6c311..7476fc6c25f 100644 --- a/spec/lib/gitlab/ci/config/entry/artifacts_spec.rb +++ b/spec/lib/gitlab/ci/config/entry/artifacts_spec.rb @@ -143,51 +143,22 @@ RSpec.describe Gitlab::Ci::Config::Entry::Artifacts do end describe 'excluded artifacts' do - context 'when configuration is valid and the feature is enabled' do - before do - stub_feature_flags(ci_artifacts_exclude: true) - end - - context 'when configuration is valid' do - let(:config) { { untracked: true, exclude: ['some/directory/'] } } - - it 'correctly parses the configuration' do - expect(entry).to be_valid - expect(entry.value).to eq config - end - end + context 'when configuration is valid' do + let(:config) { { untracked: true, exclude: ['some/directory/'] } } - context 'when configuration is not valid' do - let(:config) { { untracked: true, exclude: 1234 } } - - it 'returns an error' do - expect(entry).not_to be_valid - expect(entry.errors) - .to include 'artifacts exclude should be an array of strings' - end + it 'correctly parses the configuration' do + expect(entry).to be_valid + expect(entry.value).to eq config end end - context 'when artifacts/exclude feature is disabled' do - before do - stub_feature_flags(ci_artifacts_exclude: false) - end - - context 'when configuration has been provided' do - let(:config) { { untracked: true, exclude: ['some/directory/'] } } - - it 'returns an error' do - expect(entry).not_to be_valid - expect(entry.errors).to include 'artifacts exclude feature is disabled' - end - end + context 'when configuration is not valid' do + let(:config) { { untracked: true, exclude: 1234 } } - context 'when configuration is not present' do - let(:config) { { untracked: true } } - - it 'is a valid configuration' do - expect(entry).to be_valid - end + it 'returns an error' do + expect(entry).not_to be_valid + expect(entry.errors) + .to include 'artifacts exclude should be an array of strings' end end end diff --git a/spec/lib/gitlab/ci/config/entry/reports_spec.rb b/spec/lib/gitlab/ci/config/entry/reports_spec.rb index d8907f7015b..12b8960eb32 100644 --- a/spec/lib/gitlab/ci/config/entry/reports_spec.rb +++ b/spec/lib/gitlab/ci/config/entry/reports_spec.rb @@ -40,6 +40,7 @@ RSpec.describe Gitlab::Ci::Config::Entry::Reports do :secret_detection | 'gl-secret-detection-report.json' :dependency_scanning | 'gl-dependency-scanning-report.json' :container_scanning | 'gl-container-scanning-report.json' + :cluster_image_scanning | 'gl-cluster-image-scanning-report.json' :dast | 'gl-dast-report.json' :license_scanning | 'gl-license-scanning-report.json' :performance | 'performance.json' diff --git a/spec/lib/gitlab/ci/lint_spec.rb b/spec/lib/gitlab/ci/lint_spec.rb index aaa3a7a8b9d..77f6608eb85 100644 --- a/spec/lib/gitlab/ci/lint_spec.rb +++ b/spec/lib/gitlab/ci/lint_spec.rb @@ -247,7 +247,7 @@ RSpec.describe Gitlab::Ci::Lint do include_context 'advanced validations' do it 'runs advanced logical validations' do expect(subject).not_to be_valid - expect(subject.errors).to eq(["'test' job needs 'build' job, but it was not added to the pipeline"]) + expect(subject.errors).to eq(["'test' job needs 'build' job, but 'build' is not in any previous stage"]) end end diff --git a/spec/lib/gitlab/ci/matching/runner_matcher_spec.rb b/spec/lib/gitlab/ci/matching/runner_matcher_spec.rb index d6492caa31a..6b3fef33182 100644 --- a/spec/lib/gitlab/ci/matching/runner_matcher_spec.rb +++ b/spec/lib/gitlab/ci/matching/runner_matcher_spec.rb @@ -5,6 +5,7 @@ require 'spec_helper' RSpec.describe Gitlab::Ci::Matching::RunnerMatcher do let(:dummy_attributes) do { + runner_ids: [1], runner_type: 'instance_type', public_projects_minutes_cost_factor: 0, private_projects_minutes_cost_factor: 1, @@ -26,6 +27,8 @@ RSpec.describe Gitlab::Ci::Matching::RunnerMatcher do context 'with attributes' do let(:attributes) { dummy_attributes } + it { expect(matcher.runner_ids).to eq([1]) } + it { expect(matcher.runner_type).to eq('instance_type') } it { expect(matcher.public_projects_minutes_cost_factor).to eq(0) } diff --git a/spec/lib/gitlab/ci/pipeline/chain/seed_spec.rb b/spec/lib/gitlab/ci/pipeline/chain/seed_spec.rb index 2e537f40692..687bb82a8ef 100644 --- a/spec/lib/gitlab/ci/pipeline/chain/seed_spec.rb +++ b/spec/lib/gitlab/ci/pipeline/chain/seed_spec.rb @@ -203,18 +203,6 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Seed do expect(rspec_variables['VAR1']).to eq('overridden var 1') end - - context 'when the FF ci_workflow_rules_variables is disabled' do - before do - stub_feature_flags(ci_workflow_rules_variables: false) - end - - it 'sends root variable' do - run_chain - - expect(rspec_variables['VAR1']).to eq('var 1') - end - end end context 'N+1 queries' do diff --git a/spec/lib/gitlab/ci/pipeline/seed/build_spec.rb b/spec/lib/gitlab/ci/pipeline/seed/build_spec.rb index 020f957cf70..58938251ca1 100644 --- a/spec/lib/gitlab/ci/pipeline/seed/build_spec.rb +++ b/spec/lib/gitlab/ci/pipeline/seed/build_spec.rb @@ -11,8 +11,9 @@ RSpec.describe Gitlab::Ci::Pipeline::Seed::Build do let(:seed_context) { double(pipeline: pipeline, root_variables: root_variables) } let(:attributes) { { name: 'rspec', ref: 'master', scheduling_type: :stage } } let(:previous_stages) { [] } + let(:current_stage) { double(seeds_names: [attributes[:name]]) } - let(:seed_build) { described_class.new(seed_context, attributes, previous_stages) } + let(:seed_build) { described_class.new(seed_context, attributes, previous_stages, current_stage) } describe '#attributes' do subject { seed_build.attributes } @@ -90,6 +91,20 @@ RSpec.describe Gitlab::Ci::Pipeline::Seed::Build do end end + context 'with job:tags' do + let(:attributes) do + { + name: 'rspec', + ref: 'master', + job_variables: [{ key: 'VARIABLE', value: 'value', public: true }], + tag_list: ['static-tag', '$VARIABLE', '$NO_VARIABLE'] + } + end + + it { is_expected.to include(tag_list: ['static-tag', 'value', '$NO_VARIABLE']) } + it { is_expected.to include(yaml_variables: [{ key: 'VARIABLE', value: 'value', public: true }]) } + end + context 'with cache:key' do let(:attributes) do { @@ -250,19 +265,6 @@ RSpec.describe Gitlab::Ci::Pipeline::Seed::Build do { key: 'VAR4', value: 'new var pipeline 4', public: true }] ) end - - context 'when FF ci_workflow_rules_variables is disabled' do - before do - stub_feature_flags(ci_workflow_rules_variables: false) - end - - it 'returns existing yaml variables' do - expect(subject[:yaml_variables]).to match_array( - [{ key: 'VAR2', value: 'var 2', public: true }, - { key: 'VAR3', value: 'var 3', public: true }] - ) - end - end end context 'when root_variables_inheritance is false' do @@ -1092,7 +1094,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Seed::Build do it "returns an error" do expect(subject.errors).to contain_exactly( - "'rspec' job needs 'build' job, but it was not added to the pipeline") + "'rspec' job needs 'build' job, but 'build' is not in any previous stage") end context 'when the needed job is optional' do @@ -1128,6 +1130,28 @@ RSpec.describe Gitlab::Ci::Pipeline::Seed::Build do end end + context 'when build job is part of the same stage' do + let(:current_stage) { double(seeds_names: [attributes[:name], 'build']) } + + it 'is included' do + is_expected.to be_included + end + + it 'does not have errors' do + expect(subject.errors).to be_empty + end + + context 'when ci_same_stage_job_needs FF is disabled' do + before do + stub_feature_flags(ci_same_stage_job_needs: false) + end + + it 'has errors' do + expect(subject.errors).to contain_exactly("'rspec' job needs 'build' job, but 'build' is not in any previous stage") + end + end + end + context 'when using 101 needs' do let(:needs_count) { 101 } diff --git a/spec/lib/gitlab/ci/pipeline/seed/pipeline_spec.rb b/spec/lib/gitlab/ci/pipeline/seed/pipeline_spec.rb index 21be8660def..3424e7d03a3 100644 --- a/spec/lib/gitlab/ci/pipeline/seed/pipeline_spec.rb +++ b/spec/lib/gitlab/ci/pipeline/seed/pipeline_spec.rb @@ -34,6 +34,10 @@ RSpec.describe Gitlab::Ci::Pipeline::Seed::Pipeline do described_class.new(seed_context, stages_attributes) end + before do + stub_feature_flags(ci_same_stage_job_needs: false) + end + describe '#stages' do it 'returns the stage resources' do stages = seed.stages @@ -65,7 +69,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Seed::Pipeline do } expect(seed.errors).to contain_exactly( - "'invalid_job' job needs 'non-existent' job, but it was not added to the pipeline") + "'invalid_job' job needs 'non-existent' job, but 'non-existent' is not in any previous stage") end end end diff --git a/spec/lib/gitlab/ci/pipeline_object_hierarchy_spec.rb b/spec/lib/gitlab/ci/pipeline_object_hierarchy_spec.rb index 89602fe79d1..62ff7fcafea 100644 --- a/spec/lib/gitlab/ci/pipeline_object_hierarchy_spec.rb +++ b/spec/lib/gitlab/ci/pipeline_object_hierarchy_spec.rb @@ -12,6 +12,7 @@ RSpec.describe Gitlab::Ci::PipelineObjectHierarchy do let_it_be(:cousin_parent) { create(:ci_pipeline, project: project) } let_it_be(:cousin) { create(:ci_pipeline, project: project) } let_it_be(:triggered_pipeline) { create(:ci_pipeline) } + let_it_be(:triggered_child_pipeline) { create(:ci_pipeline) } before_all do create_source_pipeline(ancestor, parent) @@ -19,19 +20,20 @@ RSpec.describe Gitlab::Ci::PipelineObjectHierarchy do create_source_pipeline(parent, child) create_source_pipeline(cousin_parent, cousin) create_source_pipeline(child, triggered_pipeline) + create_source_pipeline(triggered_pipeline, triggered_child_pipeline) end describe '#base_and_ancestors' do it 'includes the base and its ancestors' do relation = described_class.new(::Ci::Pipeline.where(id: parent.id), - options: { same_project: true }).base_and_ancestors + options: { project_condition: :same }).base_and_ancestors expect(relation).to contain_exactly(ancestor, parent) end it 'can find ancestors upto a certain level' do relation = described_class.new(::Ci::Pipeline.where(id: child.id), - options: { same_project: true }).base_and_ancestors(upto: ancestor.id) + options: { project_condition: :same }).base_and_ancestors(upto: ancestor.id) expect(relation).to contain_exactly(parent, child) end @@ -39,7 +41,7 @@ RSpec.describe Gitlab::Ci::PipelineObjectHierarchy do describe 'hierarchy_order option' do let(:relation) do described_class.new(::Ci::Pipeline.where(id: child.id), - options: { same_project: true }).base_and_ancestors(hierarchy_order: hierarchy_order) + options: { project_condition: :same }).base_and_ancestors(hierarchy_order: hierarchy_order) end context ':asc' do @@ -63,15 +65,32 @@ RSpec.describe Gitlab::Ci::PipelineObjectHierarchy do describe '#base_and_descendants' do it 'includes the base and its descendants' do relation = described_class.new(::Ci::Pipeline.where(id: parent.id), - options: { same_project: true }).base_and_descendants + options: { project_condition: :same }).base_and_descendants expect(relation).to contain_exactly(parent, child) end + context 'when project_condition: :different' do + it "includes the base and other project pipelines" do + relation = described_class.new(::Ci::Pipeline.where(id: child.id), + options: { project_condition: :different }).base_and_descendants + + expect(relation).to contain_exactly(child, triggered_pipeline, triggered_child_pipeline) + end + end + + context 'when project_condition: nil' do + it "includes the base and its descendants with other project pipeline" do + relation = described_class.new(::Ci::Pipeline.where(id: parent.id)).base_and_descendants + + expect(relation).to contain_exactly(parent, child, triggered_pipeline, triggered_child_pipeline) + end + end + context 'when with_depth is true' do let(:relation) do described_class.new(::Ci::Pipeline.where(id: ancestor.id), - options: { same_project: true }).base_and_descendants(with_depth: true) + options: { project_condition: :same }).base_and_descendants(with_depth: true) end it 'includes depth in the results' do @@ -91,21 +110,51 @@ RSpec.describe Gitlab::Ci::PipelineObjectHierarchy do end describe '#all_objects' do - it 'includes its ancestors and descendants' do - relation = described_class.new(::Ci::Pipeline.where(id: parent.id), - options: { same_project: true }).all_objects + context 'when passing ancestors_base' do + let(:options) { { project_condition: project_condition } } + let(:ancestors_base) { ::Ci::Pipeline.where(id: child.id) } + + subject(:relation) { described_class.new(ancestors_base, options: options).all_objects } - expect(relation).to contain_exactly(ancestor, parent, child) + context 'when project_condition: :same' do + let(:project_condition) { :same } + + it "includes its ancestors and descendants" do + expect(relation).to contain_exactly(ancestor, parent, child) + end + end + + context 'when project_condition: :different' do + let(:project_condition) { :different } + + it "includes the base and other project pipelines" do + expect(relation).to contain_exactly(child, triggered_pipeline, triggered_child_pipeline) + end + end end - it 'returns all family tree' do - relation = described_class.new( - ::Ci::Pipeline.where(id: child.id), - described_class.new(::Ci::Pipeline.where(id: child.id), options: { same_project: true }).base_and_ancestors, - options: { same_project: true } - ).all_objects + context 'when passing ancestors_base and descendants_base' do + let(:options) { { project_condition: project_condition } } + let(:ancestors_base) { ::Ci::Pipeline.where(id: child.id) } + let(:descendants_base) { described_class.new(::Ci::Pipeline.where(id: child.id), options: options).base_and_ancestors } + + subject(:relation) { described_class.new(ancestors_base, descendants_base, options: options).all_objects } + + context 'when project_condition: :same' do + let(:project_condition) { :same } - expect(relation).to contain_exactly(ancestor, parent, cousin_parent, child, cousin) + it 'returns all family tree' do + expect(relation).to contain_exactly(ancestor, parent, cousin_parent, child, cousin) + end + end + + context 'when project_condition: :different' do + let(:project_condition) { :different } + + it "includes the base and other project pipelines" do + expect(relation).to contain_exactly(child, triggered_pipeline, triggered_child_pipeline) + end + end end end end diff --git a/spec/lib/gitlab/ci/reports/security/identifier_spec.rb b/spec/lib/gitlab/ci/reports/security/identifier_spec.rb new file mode 100644 index 00000000000..123730b6ee6 --- /dev/null +++ b/spec/lib/gitlab/ci/reports/security/identifier_spec.rb @@ -0,0 +1,125 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::Reports::Security::Identifier do + using RSpec::Parameterized::TableSyntax + + describe '#initialize' do + subject { described_class.new(**params) } + + let(:params) do + { + external_type: 'brakeman_warning_code', + external_id: '107', + name: 'Brakeman Warning Code 107', + url: 'https://brakemanscanner.org/docs/warning_types/cross_site_scripting/' + } + end + + context 'when all params are given' do + it 'initializes an instance' do + expect { subject }.not_to raise_error + + expect(subject).to have_attributes( + external_type: 'brakeman_warning_code', + external_id: '107', + fingerprint: 'aa2254904a69148ad14b6ac5db25b355da9c987f', + name: 'Brakeman Warning Code 107', + url: 'https://brakemanscanner.org/docs/warning_types/cross_site_scripting/' + ) + end + end + + %i[external_type external_id name].each do |attribute| + context "when attribute #{attribute} is missing" do + before do + params.delete(attribute) + end + + it 'raises an error' do + expect { subject }.to raise_error(ArgumentError) + end + end + end + end + + describe '#key' do + let(:identifier) { create(:ci_reports_security_identifier) } + + subject { identifier.key } + + it 'returns fingerprint' do + is_expected.to eq(identifier.fingerprint) + end + end + + describe '#type_identifier?' do + where(:external_type, :expected_result) do + 'cve' | false + 'foo' | false + 'cwe' | true + 'wasc' | true + end + + with_them do + let(:identifier) { create(:ci_reports_security_identifier, external_type: external_type) } + + subject { identifier.type_identifier? } + + it { is_expected.to be(expected_result) } + end + end + + describe 'external type check methods' do + where(:external_type, :is_cve?, :is_cwe?, :is_wasc?) do + 'Foo' | false | false | false + 'Cve' | true | false | false + 'Cwe' | false | true | false + 'Wasc' | false | false | true + end + + with_them do + let(:identifier) { create(:ci_reports_security_identifier, external_type: external_type) } + + it 'returns correct result for the type check method' do + expect(identifier.cve?).to be(is_cve?) + expect(identifier.cwe?).to be(is_cwe?) + expect(identifier.wasc?).to be(is_wasc?) + end + end + end + + describe '#to_hash' do + let(:identifier) { create(:ci_reports_security_identifier) } + + subject { identifier.to_hash } + + it 'returns expected hash' do + is_expected.to eq({ + external_type: identifier.external_type, + external_id: identifier.external_id, + fingerprint: identifier.fingerprint, + name: identifier.name, + url: identifier.url + }) + end + end + + describe '#==' do + where(:type_1, :id_1, :type_2, :id_2, :equal, :case_name) do + 'CVE' | '2018-1234' | 'CVE' | '2018-1234' | true | 'when external_type and external_id are equal' + 'CVE' | '2018-1234' | 'brakeman_code' | '2018-1234' | false | 'when external_type is different' + 'CVE' | '2018-1234' | 'CVE' | '2019-6789' | false | 'when external_id is different' + end + + with_them do + let(:identifier_1) { create(:ci_reports_security_identifier, external_type: type_1, external_id: id_1) } + let(:identifier_2) { create(:ci_reports_security_identifier, external_type: type_2, external_id: id_2) } + + it "returns #{params[:equal]}" do + expect(identifier_1 == identifier_2).to eq(equal) + end + end + end +end diff --git a/spec/lib/gitlab/ci/reports/security/link_spec.rb b/spec/lib/gitlab/ci/reports/security/link_spec.rb new file mode 100644 index 00000000000..7b55af27f4d --- /dev/null +++ b/spec/lib/gitlab/ci/reports/security/link_spec.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::Reports::Security::Link do + subject(:security_link) { described_class.new(name: 'CVE-2020-0202', url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0202') } + + describe '#initialize' do + context 'when all params are given' do + it 'initializes an instance' do + expect { subject }.not_to raise_error + + expect(subject).to have_attributes( + name: 'CVE-2020-0202', + url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0202' + ) + end + end + + describe '#to_hash' do + it 'returns expected hash' do + expect(security_link.to_hash).to eq( + { + name: 'CVE-2020-0202', + url: 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0202' + } + ) + end + end + end +end diff --git a/spec/lib/gitlab/ci/reports/security/scan_spec.rb b/spec/lib/gitlab/ci/reports/security/scan_spec.rb new file mode 100644 index 00000000000..b4968ff3a6e --- /dev/null +++ b/spec/lib/gitlab/ci/reports/security/scan_spec.rb @@ -0,0 +1,46 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::Reports::Security::Scan do + describe '#initialize' do + subject { described_class.new(params.with_indifferent_access) } + + let(:params) do + { + status: 'success', + type: 'dependency-scanning', + start_time: 'placeholer', + end_time: 'placholder' + } + end + + context 'when all params are given' do + it 'initializes an instance' do + expect { subject }.not_to raise_error + + expect(subject).to have_attributes( + status: 'success', + type: 'dependency-scanning', + start_time: 'placeholer', + end_time: 'placholder' + ) + end + end + + describe '#to_hash' do + subject { described_class.new(params.with_indifferent_access).to_hash } + + it 'returns expected hash' do + is_expected.to eq( + { + status: 'success', + type: 'dependency-scanning', + start_time: 'placeholer', + end_time: 'placholder' + } + ) + end + end + end +end diff --git a/spec/lib/gitlab/ci/reports/security/scanned_resource_spec.rb b/spec/lib/gitlab/ci/reports/security/scanned_resource_spec.rb new file mode 100644 index 00000000000..e9daa05e8b9 --- /dev/null +++ b/spec/lib/gitlab/ci/reports/security/scanned_resource_spec.rb @@ -0,0 +1,30 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::Reports::Security::ScannedResource do + let(:url) { 'http://example.com:3001/1?foo=bar' } + let(:request_method) { 'GET' } + + context 'when the URI is not a URI' do + subject { ::Gitlab::Ci::Reports::Security::ScannedResource.new(url, request_method) } + + it 'raises an error' do + expect { subject }.to raise_error(ArgumentError) + end + end + + context 'when the URL is valid' do + subject { ::Gitlab::Ci::Reports::Security::ScannedResource.new(URI.parse(url), request_method) } + + it 'sets the URL attributes' do + expect(subject.request_method).to eq(request_method) + expect(subject.request_uri.to_s).to eq(url) + expect(subject.url_scheme).to eq('http') + expect(subject.url_host).to eq('example.com') + expect(subject.url_port).to eq(3001) + expect(subject.url_path).to eq('/1') + expect(subject.url_query).to eq('foo=bar') + end + end +end diff --git a/spec/lib/gitlab/ci/reports/security/scanner_spec.rb b/spec/lib/gitlab/ci/reports/security/scanner_spec.rb new file mode 100644 index 00000000000..99f5d4723d3 --- /dev/null +++ b/spec/lib/gitlab/ci/reports/security/scanner_spec.rb @@ -0,0 +1,146 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Gitlab::Ci::Reports::Security::Scanner do + describe '#initialize' do + subject { described_class.new(**params) } + + let(:params) do + { + external_id: 'brakeman', + name: 'Brakeman', + vendor: 'GitLab', + version: '1.0.1' + } + end + + context 'when all params are given' do + it 'initializes an instance' do + expect { subject }.not_to raise_error + + expect(subject).to have_attributes( + external_id: 'brakeman', + name: 'Brakeman', + vendor: 'GitLab' + ) + end + end + + %i[external_id name].each do |attribute| + context "when attribute #{attribute} is missing" do + before do + params.delete(attribute) + end + + it 'raises an error' do + expect { subject }.to raise_error(ArgumentError) + end + end + end + end + + describe '#key' do + let(:scanner) { create(:ci_reports_security_scanner) } + + subject { scanner.key } + + it 'returns external_id' do + is_expected.to eq(scanner.external_id) + end + end + + describe '#to_hash' do + let(:scanner) { create(:ci_reports_security_scanner) } + + subject { scanner.to_hash } + + it 'returns expected hash' do + is_expected.to eq({ + external_id: scanner.external_id, + name: scanner.name, + vendor: scanner.vendor + }) + end + + context 'when vendor is not defined' do + let(:scanner) { create(:ci_reports_security_scanner, vendor: nil) } + + it 'returns expected hash' do + is_expected.to eq({ + external_id: scanner.external_id, + name: scanner.name + }) + end + end + end + + describe '#==' do + using RSpec::Parameterized::TableSyntax + + where(:id_1, :id_2, :equal, :case_name) do + 'brakeman' | 'brakeman' | true | 'when external_id is equal' + 'brakeman' | 'bandit' | false | 'when external_id is different' + end + + with_them do + let(:scanner_1) { create(:ci_reports_security_scanner, external_id: id_1) } + let(:scanner_2) { create(:ci_reports_security_scanner, external_id: id_2) } + + it "returns #{params[:equal]}" do + expect(scanner_1 == scanner_2).to eq(equal) + end + end + end + + describe '#<=>' do + using RSpec::Parameterized::TableSyntax + + let(:scanner_1) { create(:ci_reports_security_scanner, **scanner_1_attributes) } + let(:scanner_2) { create(:ci_reports_security_scanner, **scanner_2_attributes) } + + subject { scanner_1 <=> scanner_2 } + + context 'when the `external_id` of the scanners are different' do + where(:scanner_1_attributes, :scanner_2_attributes, :expected_comparison_result) do + { external_id: 'bundler_audit', name: 'foo', vendor: 'bar' } | { external_id: 'retire.js', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'retire.js', name: 'foo', vendor: 'bar' } | { external_id: 'gemnasium', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'gemnasium', name: 'foo', vendor: 'bar' } | { external_id: 'gemnasium-maven', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'gemnasium-maven', name: 'foo', vendor: 'bar' } | { external_id: 'gemnasium-python', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'gemnasium-python', name: 'foo', vendor: 'bar' } | { external_id: 'bandit', name: 'foo', vendor: 'bar' } | 1 + { external_id: 'bandit', name: 'foo', vendor: 'bar' } | { external_id: 'semgrep', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'semgrep', name: 'foo', vendor: 'bar' } | { external_id: 'unknown', name: 'foo', vendor: 'bar' } | -1 + { external_id: 'gemnasium', name: 'foo', vendor: 'bar' } | { external_id: 'gemnasium', name: 'foo', vendor: nil } | 1 + end + + with_them do + it { is_expected.to eq(expected_comparison_result) } + end + end + + context 'when the `external_id` of the scanners are equal' do + context 'when the `name` of the scanners are different' do + where(:scanner_1_attributes, :scanner_2_attributes, :expected_comparison_result) do + { external_id: 'gemnasium', name: 'a', vendor: 'bar' } | { external_id: 'gemnasium', name: 'b', vendor: 'bar' } | -1 + { external_id: 'gemnasium', name: 'd', vendor: 'bar' } | { external_id: 'gemnasium', name: 'c', vendor: 'bar' } | 1 + end + + with_them do + it { is_expected.to eq(expected_comparison_result) } + end + end + + context 'when the `name` of the scanners are equal' do + where(:scanner_1_attributes, :scanner_2_attributes, :expected_comparison_result) do + { external_id: 'gemnasium', name: 'foo', vendor: 'a' } | { external_id: 'gemnasium', name: 'foo', vendor: 'a' } | 0 # rubocop:disable Lint/BinaryOperatorWithIdenticalOperands + { external_id: 'gemnasium', name: 'foo', vendor: 'a' } | { external_id: 'gemnasium', name: 'foo', vendor: 'b' } | -1 + { external_id: 'gemnasium', name: 'foo', vendor: 'b' } | { external_id: 'gemnasium', name: 'foo', vendor: 'a' } | 1 + end + + with_them do + it { is_expected.to eq(expected_comparison_result) } + end + end + end + end +end diff --git a/spec/lib/gitlab/ci/reports/test_case_spec.rb b/spec/lib/gitlab/ci/reports/test_case_spec.rb index 668a475514e..d21359368b8 100644 --- a/spec/lib/gitlab/ci/reports/test_case_spec.rb +++ b/spec/lib/gitlab/ci/reports/test_case_spec.rb @@ -66,7 +66,7 @@ RSpec.describe Gitlab::Ci::Reports::TestCase, :aggregate_failures do end it '#attachment_url' do - expect(attachment_test_case.attachment_url).to match(/file\/some\/path.png/) + expect(attachment_test_case.attachment_url).to match(%r{file/some/path.png}) end end diff --git a/spec/lib/gitlab/ci/status/composite_spec.rb b/spec/lib/gitlab/ci/status/composite_spec.rb index 2b9523bd83d..cceabc35e85 100644 --- a/spec/lib/gitlab/ci/status/composite_spec.rb +++ b/spec/lib/gitlab/ci/status/composite_spec.rb @@ -82,25 +82,6 @@ RSpec.describe Gitlab::Ci::Status::Composite do it_behaves_like 'compares status and warnings' end - - context 'when FF ci_fix_pipeline_status_for_dag_needs_manual is disabled' do - before do - stub_feature_flags(ci_fix_pipeline_status_for_dag_needs_manual: false) - end - - where(:build_statuses, :dag, :result, :has_warnings) do - %i(success manual) | true | 'pending' | false - %i(success manual) | false | 'success' | false - end - - with_them do - let(:all_statuses) do - build_statuses.map { |status| @statuses_with_allow_failure[status] } - end - - it_behaves_like 'compares status and warnings' - end - end end end end diff --git a/spec/lib/gitlab/ci/templates/AWS/deploy_ecs_gitlab_ci_yaml_spec.rb b/spec/lib/gitlab/ci/templates/AWS/deploy_ecs_gitlab_ci_yaml_spec.rb index 653b3be0b2a..e8aeb93a2ba 100644 --- a/spec/lib/gitlab/ci/templates/AWS/deploy_ecs_gitlab_ci_yaml_spec.rb +++ b/spec/lib/gitlab/ci/templates/AWS/deploy_ecs_gitlab_ci_yaml_spec.rb @@ -6,7 +6,7 @@ RSpec.describe 'Deploy-ECS.gitlab-ci.yml' do subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('AWS/Deploy-ECS') } describe 'the created pipeline' do - let(:default_branch) { 'master' } + let(:default_branch) { project.default_branch_or_main } let(:pipeline_branch) { default_branch } let(:project) { create(:project, :auto_devops, :custom_repo, files: { 'README.md' => '' }) } let(:user) { project.owner } @@ -38,7 +38,7 @@ RSpec.describe 'Deploy-ECS.gitlab-ci.yml' do let(:pipeline_branch) { 'test_branch' } before do - project.repository.create_branch(pipeline_branch) + project.repository.create_branch(pipeline_branch, default_branch) end it_behaves_like 'no pipeline yaml error' diff --git a/spec/lib/gitlab/ci/templates/managed_cluster_applications_gitlab_ci_yaml_spec.rb b/spec/lib/gitlab/ci/templates/managed_cluster_applications_gitlab_ci_yaml_spec.rb index 0e458e01a2c..151880e27a3 100644 --- a/spec/lib/gitlab/ci/templates/managed_cluster_applications_gitlab_ci_yaml_spec.rb +++ b/spec/lib/gitlab/ci/templates/managed_cluster_applications_gitlab_ci_yaml_spec.rb @@ -12,7 +12,8 @@ RSpec.describe 'Managed-Cluster-Applications.gitlab-ci.yml' do let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_branch ) } let(:pipeline) { service.execute!(:push) } let(:build_names) { pipeline.builds.pluck(:name) } - let(:pipeline_branch) { 'master' } + let(:default_branch) { project.default_branch_or_main } + let(:pipeline_branch) { default_branch } before do stub_ci_pipeline_yaml_file(template.content) @@ -28,7 +29,7 @@ RSpec.describe 'Managed-Cluster-Applications.gitlab-ci.yml' do let(:pipeline_branch) { 'a_branch' } before do - project.repository.create_branch(pipeline_branch) + project.repository.create_branch(pipeline_branch, default_branch) end it 'has no jobs' do diff --git a/spec/lib/gitlab/ci/templates/terraform_latest_gitlab_ci_yaml_spec.rb b/spec/lib/gitlab/ci/templates/terraform_latest_gitlab_ci_yaml_spec.rb index 4377f155d34..5ab3035486f 100644 --- a/spec/lib/gitlab/ci/templates/terraform_latest_gitlab_ci_yaml_spec.rb +++ b/spec/lib/gitlab/ci/templates/terraform_latest_gitlab_ci_yaml_spec.rb @@ -10,7 +10,7 @@ RSpec.describe 'Terraform.latest.gitlab-ci.yml' do subject(:template) { Gitlab::Template::GitlabCiYmlTemplate.find('Terraform.latest') } describe 'the created pipeline' do - let(:default_branch) { 'master' } + let(:default_branch) { project.default_branch_or_main } let(:pipeline_branch) { default_branch } let(:project) { create(:project, :custom_repo, files: { 'README.md' => '' }) } let(:user) { project.owner } @@ -34,7 +34,7 @@ RSpec.describe 'Terraform.latest.gitlab-ci.yml' do let(:pipeline_branch) { 'patch-1' } before do - project.repository.create_branch(pipeline_branch) + project.repository.create_branch(pipeline_branch, default_branch) end it 'does not creates a deploy and a test job' do diff --git a/spec/lib/gitlab/ci/yaml_processor/dag_spec.rb b/spec/lib/gitlab/ci/yaml_processor/dag_spec.rb new file mode 100644 index 00000000000..af1b43f6b01 --- /dev/null +++ b/spec/lib/gitlab/ci/yaml_processor/dag_spec.rb @@ -0,0 +1,41 @@ +# frozen_string_literal: true + +require 'fast_spec_helper' + +RSpec.describe Gitlab::Ci::YamlProcessor::Dag do + let(:nodes) { {} } + + subject(:result) { described_class.new(nodes).tsort } + + context 'when it is a regular pipeline' do + let(:nodes) do + { 'job_c' => %w(job_b job_d), 'job_d' => %w(job_a), 'job_b' => %w(job_a), 'job_a' => %w() } + end + + it 'returns ordered jobs' do + expect(result).to eq(%w(job_a job_b job_d job_c)) + end + end + + context 'when there is a circular dependency' do + let(:nodes) do + { 'job_a' => %w(job_c), 'job_b' => %w(job_a), 'job_c' => %w(job_b) } + end + + it 'raises TSort::Cyclic' do + expect { result }.to raise_error(TSort::Cyclic, /topological sort failed/) + end + end + + context 'when there is a missing job' do + let(:nodes) do + { 'job_a' => %w(job_d), 'job_b' => %w(job_a) } + end + + it 'raises MissingNodeError' do + expect { result }.to raise_error( + Gitlab::Ci::YamlProcessor::Dag::MissingNodeError, 'node job_d is missing' + ) + end + end +end diff --git a/spec/lib/gitlab/ci/yaml_processor_spec.rb b/spec/lib/gitlab/ci/yaml_processor_spec.rb index e8e44f884cf..19c2e34a0f0 100644 --- a/spec/lib/gitlab/ci/yaml_processor_spec.rb +++ b/spec/lib/gitlab/ci/yaml_processor_spec.rb @@ -595,7 +595,15 @@ module Gitlab EOYML end - it_behaves_like 'has warnings and expected error', /build job: need test is not defined in prior stages/ + it_behaves_like 'has warnings and expected error', /build job: need test is not defined in current or prior stages/ + + context 'with ci_same_stage_job_needs FF disabled' do + before do + stub_feature_flags(ci_same_stage_job_needs: false) + end + + it_behaves_like 'has warnings and expected error', /build job: need test is not defined in prior stages/ + end end end end @@ -1648,8 +1656,6 @@ module Gitlab end it 'populates a build options with complete artifacts configuration' do - stub_feature_flags(ci_artifacts_exclude: true) - config = <<~YAML test: script: echo "Hello World" @@ -1860,7 +1866,7 @@ module Gitlab build2: { stage: 'build', script: 'test' }, test1: { stage: 'test', script: 'test', dependencies: dependencies }, test2: { stage: 'test', script: 'test' }, - deploy: { stage: 'test', script: 'test' } + deploy: { stage: 'deploy', script: 'test' } } end @@ -1893,7 +1899,15 @@ module Gitlab context 'dependencies to deploy' do let(:dependencies) { ['deploy'] } - it_behaves_like 'returns errors', 'test1 job: dependency deploy is not defined in prior stages' + it_behaves_like 'returns errors', 'test1 job: dependency deploy is not defined in current or prior stages' + + context 'with ci_same_stage_job_needs FF disabled' do + before do + stub_feature_flags(ci_same_stage_job_needs: false) + end + + it_behaves_like 'returns errors', 'test1 job: dependency deploy is not defined in prior stages' + end end context 'when a job depends on another job that references a not-yet defined stage' do @@ -1918,7 +1932,7 @@ module Gitlab } end - it_behaves_like 'returns errors', /is not defined in prior stages/ + it_behaves_like 'returns errors', /is not defined in current or prior stages/ end end @@ -1933,7 +1947,7 @@ module Gitlab parallel: { stage: 'build', script: 'test', parallel: 2 }, test1: { stage: 'test', script: 'test', needs: needs, dependencies: dependencies }, test2: { stage: 'test', script: 'test' }, - deploy: { stage: 'test', script: 'test' } + deploy: { stage: 'deploy', script: 'test' } } end @@ -1943,6 +1957,45 @@ module Gitlab it { is_expected.to be_valid } end + context 'needs a job from the same stage' do + let(:needs) { %w(test2) } + + it 'creates jobs with valid specifications' do + expect(subject.builds.size).to eq(7) + expect(subject.builds[0]).to eq( + stage: 'build', + stage_idx: 1, + name: 'build1', + only: { refs: %w[branches tags] }, + options: { + script: ['test'] + }, + when: 'on_success', + allow_failure: false, + yaml_variables: [], + job_variables: [], + root_variables_inheritance: true, + scheduling_type: :stage + ) + expect(subject.builds[4]).to eq( + stage: 'test', + stage_idx: 2, + name: 'test1', + only: { refs: %w[branches tags] }, + options: { script: ['test'] }, + needs_attributes: [ + { name: 'test2', artifacts: true, optional: false } + ], + when: 'on_success', + allow_failure: false, + yaml_variables: [], + job_variables: [], + root_variables_inheritance: true, + scheduling_type: :dag + ) + end + end + context 'needs two builds' do let(:needs) { %w(build1 build2) } @@ -2098,7 +2151,15 @@ module Gitlab context 'needs to deploy' do let(:needs) { ['deploy'] } - it_behaves_like 'returns errors', 'test1 job: need deploy is not defined in prior stages' + it_behaves_like 'returns errors', 'test1 job: need deploy is not defined in current or prior stages' + + context 'with ci_same_stage_job_needs FF disabled' do + before do + stub_feature_flags(ci_same_stage_job_needs: false) + end + + it_behaves_like 'returns errors', 'test1 job: need deploy is not defined in prior stages' + end end context 'needs and dependencies that are mismatching' do @@ -2769,6 +2830,29 @@ module Gitlab it_behaves_like 'returns errors', 'jobs:rspec:parallel should be an integer or a hash' end + + context 'when the pipeline has a circular dependency' do + let(:config) do + <<~YAML + job_a: + stage: test + script: build + needs: [job_c] + + job_b: + stage: test + script: test + needs: [job_a] + + job_c: + stage: test + script: deploy + needs: [job_b] + YAML + end + + it_behaves_like 'returns errors', 'The pipeline has circular dependencies.' + end end describe '#execute' do |