Commit 178deb90 authored by Vitali Tatarintev's avatar Vitali Tatarintev

Merge branch '227114_remove_resolved_on_default_branch_method' into 'master'

Remove `resolved_on_default_branch` method from Vulnerability model

See merge request gitlab-org/gitlab!40387
parents 6523bd4a 0f71e44a
...@@ -152,23 +152,6 @@ class Vulnerability < ApplicationRecord ...@@ -152,23 +152,6 @@ class Vulnerability < ApplicationRecord
true true
end end
def resolved_on_default_branch
return false unless findings.any?
# We can't just use project.latest_successful_pipeline_for_default_branch
# because there's no guarantee that it actually ran the security jobs
# See https://gitlab.com/gitlab-org/gitlab/-/issues/218012
latest_successful_pipeline = project
.latest_pipeline_with_security_reports(only_successful: true)
# Technically this shouldn't ever happen.
# If an vulnerability was discovered, then we must have ran a scan of the
# appropriate type at least once.
return false unless latest_successful_pipeline
finding.pipelines.exclude?(latest_successful_pipeline)
end
def user_notes_count def user_notes_count
user_notes_count_service.count user_notes_count_service.count
end end
......
...@@ -296,38 +296,6 @@ RSpec.describe Vulnerability do ...@@ -296,38 +296,6 @@ RSpec.describe Vulnerability do
it { is_expected.to delegate_method(:name).to(:group).with_prefix.allow_nil } it { is_expected.to delegate_method(:name).to(:group).with_prefix.allow_nil }
end end
describe '#resolved_on_default_branch' do
let_it_be(:project) { create(:project, :repository, :with_vulnerability) }
let_it_be(:pipeline_with_vulnerability) { create(:ee_ci_pipeline, :success, :with_sast_report, project: project, sha: project.commit.id) }
let_it_be(:vulnerability) { project.vulnerabilities.first }
let_it_be(:finding1) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline_with_vulnerability]) }
let_it_be(:finding2) { create(:vulnerabilities_occurrence, vulnerability: vulnerability, pipelines: [pipeline_with_vulnerability]) }
subject { vulnerability.resolved_on_default_branch }
context 'Vulnerability::Finding is present on the pipeline for default branch' do
it { is_expected.to eq(false) }
context 'but pipeline is failed' do
let!(:unsucessful_pipeline_with_vulnerability) { create(:ee_ci_pipeline, :with_sast_report, :failed, project: project, sha: project.commit.id) }
it { is_expected.to eq(false) }
end
end
context 'Vulnerability::Finding is not present on the latest pipeline without security job' do
let!(:pipeline_without_security_job) { create(:ee_ci_pipeline, :success, project: project, sha: project.commit.id) }
it { is_expected.to eq(false) }
end
context 'Vulnerability::Finding is not present on the pipeline for default branch' do
let!(:pipeline_without_vulnerability) { create(:ee_ci_pipeline, :success, :with_sast_report, project: project, sha: project.commit.id) }
it { is_expected.to eq(true) }
end
end
describe '#resource_parent' do describe '#resource_parent' do
let(:vulnerability) { build(:vulnerability) } let(:vulnerability) { build(:vulnerability) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment