Commit 37456cb6 authored by Markus Koller's avatar Markus Koller

Merge branch 'always-run-dast-cleanup' into 'master'

Always run the stop_dast_environment job

See merge request gitlab-org/gitlab!36372
parents 7ee1b1f9 91cb02db
---
title: Always run the stop_dast_environment
merge_request: 36372
author:
type: fixed
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe 'Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml' do
subject(:template) do
<<~YAML
stages:
- review
- dast
- cleanup
include:
- template: 'Jobs/DAST-Default-Branch-Deploy.gitlab-ci.yml'
- template: 'Security/DAST.gitlab-ci.yml'
placeholder:
stage: review
script:
- keep pipeline validator happy by having a job when stages are intentionally empty
YAML
end
describe 'the created pipeline' do
let(:user) { create(:admin) }
let(:project) do
create(:project, :repository, variables: [
build(:ci_variable, key: 'CI_KUBERNETES_ACTIVE', value: 'true')
])
end
let(:default_branch) { 'master' }
let(:pipeline_ref) { default_branch }
let(:service) { Ci::CreatePipelineService.new(project, user, ref: pipeline_ref) }
let(:pipeline) { service.execute!(:push) }
let(:build_names) { pipeline.builds.pluck(:name) }
before do
stub_ci_pipeline_yaml_file(template)
allow_any_instance_of(Ci::BuildScheduleWorker).to receive(:perform).and_return(true)
allow(project).to receive(:default_branch).and_return(default_branch)
end
it 'has no errors' do
expect(pipeline.errors).to be_empty
end
context 'when project has no license' do
it 'includes no DAST jobs' do
expect(build_names).to eq %w(placeholder)
end
end
context 'when project has Ultimate license' do
let(:license) { create(:license, plan: License::ULTIMATE_PLAN) }
before do
allow(License).to receive(:current).and_return(license)
end
context 'default branch' do
it 'includes the DAST environment jobs by default' do
expect(build_names).to include('dast_environment_deploy')
expect(build_names).to include('stop_dast_environment')
end
it 'always runs the cleanup job' do
expect(pipeline.builds.find_by(name: 'stop_dast_environment').when).to eq('always')
end
it 'does not include the DAST environment jobs when DAST_DISABLED' do
create(:ci_variable, project: project, key: 'DAST_DISABLED', value: '1')
expect(build_names).not_to include('dast_environment_deploy')
expect(build_names).not_to include('stop_dast_environment')
end
end
context 'on another branch' do
let(:pipeline_ref) { 'feature' }
it 'does not include DAST environment jobs' do
expect(build_names).not_to include('dast_environment_deploy')
expect(build_names).not_to include('stop_dast_environment')
end
end
end
end
end
...@@ -51,3 +51,4 @@ stop_dast_environment: ...@@ -51,3 +51,4 @@ stop_dast_environment:
- if: $CI_COMMIT_BRANCH && - if: $CI_COMMIT_BRANCH &&
$CI_KUBERNETES_ACTIVE && $CI_KUBERNETES_ACTIVE &&
$GITLAB_FEATURES =~ /\bdast\b/ $GITLAB_FEATURES =~ /\bdast\b/
when: always
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment