Merge branch 'security-463-dl-pagination' into 'master'

Add pagination to Dependencies API See merge request gitlab-org/security/gitlab!1679

Merge branch 'security-463-dl-pagination' into 'master'
Add pagination to Dependencies API See merge request gitlab-org/security/gitlab!1679
441cdc98 · GitLab Release Tools Bot · 701207ef · 5eeb9976 · 441cdc98 · 441cdc98
Commit 441cdc98 authored Sep 27, 2021 by GitLab Release Tools Bot
Showing with 28 additions and 3 deletions

doc/api/dependencies.md doc/api/dependencies.md +10 -0

ee/lib/api/dependencies.rb ee/lib/api/dependencies.rb +4 -1

ee/spec/requests/api/dependencies_spec.rb ee/spec/requests/api/dependencies_spec.rb +14 -2

No files found.
--- a/doc/api/dependencies.md
+++ b/doc/api/dependencies.md
@@ -11,6 +11,9 @@ This API is in an alpha stage and considered unstable.
 The response payload may be subject to change or breakage
 across GitLab releases.

+> - Introduced in GitLab 12.1.
+> - Pagination introduced in 14.4.
+
 Every call to this endpoint requires authentication. To perform this call, user should be authorized to read repository.
 To see vulnerabilities in response, user should be authorized to read
 [Project Security Dashboard](../user/application_security/security_dashboard/index.md#project-security-dashboard).
@@ -60,3 +63,10 @@ Example response:
    }
 ]
 ```
+
+## Dependencies pagination
+
+By default, `GET` requests return 20 results at a time because the API results
+are paginated.
+
+Read more on [pagination](index.md#pagination).
--- a/ee/lib/api/dependencies.rb
+++ b/ee/lib/api/dependencies.rb
@@ -2,6 +2,8 @@

 module API
  class Dependencies < ::API::Base
+    include PaginationParams
+
    feature_category :dependency_scanning

    helpers do
@@ -31,6 +33,7 @@ module API
                 coerce_with: Validations::Types::CommaSeparatedToArray.coerce,
                 desc: "Returns dependencies belonging to specified package managers: #{::Security::DependencyListService::FILTER_PACKAGE_MANAGERS_VALUES.join(', ')}.",
                 values: ::Security::DependencyListService::FILTER_PACKAGE_MANAGERS_VALUES
+        use :pagination
      end

      get ':id/dependencies' do
@@ -39,7 +42,7 @@ module API
        ::Gitlab::Tracking.event(self.options[:for].name, 'view_dependencies', project: user_project, user: current_user, namespace: user_project.namespace)

        dependency_params = declared_params(include_missing: false).merge(project: user_project)
-        dependencies = dependencies_by(dependency_params)
+        dependencies = paginate(::Gitlab::ItemsCollection.new(dependencies_by(dependency_params)))

        present dependencies, with: ::EE::API::Entities::Dependency, user: current_user, project: user_project
      end

--- a/ee/spec/requests/api/dependencies_spec.rb
+++ b/ee/spec/requests/api/dependencies_spec.rb
@@ -28,11 +28,12 @@ RSpec.describe API::Dependencies do
        request
      end

-      it 'returns all dependencies' do
+      it 'returns paginated dependencies' do
        expect(response).to have_gitlab_http_status(:ok)
        expect(response).to match_response_schema('public_api/v4/dependencies', dir: 'ee')
+        expect(response).to include_pagination_headers

-        expect(json_response.length).to eq(21)
+        expect(json_response.length).to eq(20)
      end

      it 'returns vulnerabilities info' do
@@ -71,6 +72,17 @@ RSpec.describe API::Dependencies do
          end
        end
      end
+
+      context 'with pagination params' do
+        let(:params) { { per_page: 5, page: 5 } }
+
+        it 'returns paginated dependencies' do
+          expect(response).to match_response_schema('public_api/v4/dependencies', dir: 'ee')
+          expect(response).to include_pagination_headers
+
+          expect(json_response.length).to eq(1)
+        end
+      end
    end

    context 'without permissions to see vulnerabilities' do