Extend GraphQL Ci::PipelineType to include Security Report Findings

- Fix broken spec
- Fix rubocop issues

doc/api/graphql/reference/index.md

@@ -2964,7 +2964,7 @@ Information about pagination in a connection.
 | `path` | String | Relative path to the pipeline's page. |
 | `project` | Project | Project the pipeline belongs to. |
 | `retryable` | Boolean! | Specifies if a pipeline can be retried. |
-| `securityReportFindings` | PipelineSecurityReportFindingConnection | Vulnerability findings reported on the pipeline |
+| `securityReportFindings` | PipelineSecurityReportFindingConnection | Vulnerability findings reported on the pipeline. |
 | `securityReportSummary` | SecurityReportSummary | Vulnerability and scanned resource counts for each security scanner of the pipeline. |
 | `sha` | String! | SHA of the pipeline's commit. |
 | `sourceJob` | CiJob | Job where pipeline was triggered from. |
@@ -3035,18 +3035,18 @@ Represents vulnerability finding of a security report on the pipeline.
 
 | Field | Type | Description |
 | ----- | ---- | ----------- |
-| `confidence` | String | Type of the security report that found the vulnerability  |
-| `description` | String | Description of the vulnerability finding |
+| `confidence` | String | Type of the security report that found the vulnerability. |
+| `description` | String | Description of the vulnerability finding. |
 | `identifiers` | VulnerabilityIdentifier! => Array | Identifiers of the vulnerabilit finding. |
-| `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability |
-| `name` | String | Name of the vulnerability finding |
-| `project` | Project | The project on which the vulnerability finding was found |
-| `projectFingerprint` | String | Name of the vulnerability finding |
-| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability finding |
+| `location` | VulnerabilityLocation | Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability. |
+| `name` | String | Name of the vulnerability finding. |
+| `project` | Project | The project on which the vulnerability finding was found. |
+| `projectFingerprint` | String | Name of the vulnerability finding. |
+| `reportType` | VulnerabilityReportType | Type of the security report that found the vulnerability finding. |
 | `scanner` | VulnerabilityScanner | Scanner metadata for the vulnerability. |
-| `severity` | VulnerabilitySeverity | Severity of the vulnerability finding |
-| `solution` | String | URL to the vulnerability's details page |
-| `uuid` | String | Name of the vulnerability finding |
+| `severity` | VulnerabilitySeverity | Severity of the vulnerability finding. |
+| `solution` | String | URL to the vulnerability's details page. |
+| `uuid` | String | Name of the vulnerability finding. |
 
 ### Project
 

ee/app/graphql/ee/types/ci/pipeline_type.rb

@@ -17,7 +17,7 @@ module EE
           field :security_report_findings,
             ::Types::PipelineSecurityReportFindingType.connection_type,
             null: true,
-            description: 'Vulnerability findings reported on the pipeline',
+            description: 'Vulnerability findings reported on the pipeline.',
             resolver: ::Resolvers::PipelineSecurityReportFindingsResolver
         end
       end

ee/app/graphql/resolvers/pipeline_security_report_findings_resolver.rb

@@ -23,6 +23,3 @@ module Resolvers
     end
   end
 end
-
- 
-  
\ No newline at end of file

ee/app/graphql/types/pipeline_security_report_finding_type.rb

@@ -8,16 +8,16 @@ module Types
     description 'Represents vulnerability finding of a security report on the pipeline'
 
     field :report_type, VulnerabilityReportTypeEnum, null: true,
-          description: "Type of the security report that found the vulnerability finding"  
+          description: 'Type of the security report that found the vulnerability finding.'
 
     field :name, GraphQL::STRING_TYPE, null: true,
-          description: 'Name of the vulnerability finding'
+          description: 'Name of the vulnerability finding.'
 
     field :severity, VulnerabilitySeverityEnum, null: true,
-          description: "Severity of the vulnerability finding" 
+          description: 'Severity of the vulnerability finding.'
 
     field :confidence, GraphQL::STRING_TYPE, null: true,
-          description: "Type of the security report that found the vulnerability "      
+          description: 'Type of the security report that found the vulnerability.'
 
     field :scanner, VulnerabilityScannerType, null: true,
           description: 'Scanner metadata for the vulnerability.'
@@ -26,23 +26,23 @@ module Types
           description: 'Identifiers of the vulnerabilit finding.'
 
     field :project_fingerprint, GraphQL::STRING_TYPE, null: true,
-          description: 'Name of the vulnerability finding'
+          description: 'Name of the vulnerability finding.'
 
     field :uuid, GraphQL::STRING_TYPE, null: true,
-          description: 'Name of the vulnerability finding'
+          description: 'Name of the vulnerability finding.'
 
     field :project, ::Types::ProjectType, null: true,
-          description: 'The project on which the vulnerability finding was found',
+          description: 'The project on which the vulnerability finding was found.',
           authorize: :read_project
 
     field :description, GraphQL::STRING_TYPE, null: true,
-          description: 'Description of the vulnerability finding'
+          description: 'Description of the vulnerability finding.'
 
     field :location, VulnerabilityLocationType, null: true,
-          description: 'Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability'
+          description: 'Location metadata for the vulnerability. Its fields depend on the type of security scan that found the vulnerability.'
 
     field :solution, GraphQL::STRING_TYPE, null: true,
-          description: "URL to the vulnerability's details page"
+          description: "URL to the vulnerability's details page."
 
     def location
       object.location&.merge(report_type: object.report_type)

ee/spec/graphql/resolvers/pipeline_security_report_findings_resolver_spec.rb

@@ -18,7 +18,9 @@ RSpec.describe Resolvers::PipelineSecurityReportFindingsResolver do
     let(:params) { {} }
 
     before do
-      allow_any_instance_of(Security::PipelineVulnerabilitiesFinder).to receive_message_chain(:execute, :findings).and_return(returned_findings)
+      allow_next_instance_of(Security::PipelineVulnerabilitiesFinder) do |instance|
+        allow(instance).to receive_message_chain(:execute, :findings).and_return(returned_findings)
+      end
     end
 
     context 'when given severities' do

ee/spec/graphql/types/pipeline_security_report_finding_type_spec.rb

@@ -15,8 +15,7 @@ RSpec.describe GitlabSchema.types['PipelineSecurityReportFinding'] do
        project
        description
        location
-       solution
-    ]
+       solution]
   end
 
   specify { expect(described_class.graphql_name).to eq('PipelineSecurityReportFinding') }

spec/graphql/types/ci/pipeline_type_spec.rb

@@ -16,7 +16,7 @@ RSpec.describe Types::Ci::PipelineType do
     ]
 
     if Gitlab.ee?
-      expected_fields << 'security_report_summary'
+      expected_fields += %w[security_report_summary security_report_findings]
     end
 
     expect(described_class).to have_graphql_fields(*expected_fields)