Add hasSecurityReports to GraphQL MergeRequestType

Update docs, schema, and tests

Add hasSecurityReports to GraphQL MergeRequestType
Update docs, schema, and tests
66019cdb · Jonathan Schafer · Luke Duncalfe · 33f7a2bc · 66019cdb · 66019cdb
Commit 66019cdb authored Feb 15, 2021 by Jonathan Schafer Committed by Luke Duncalfe Feb 15, 2021
8 changed files
--- a/doc/api/graphql/reference/gitlab_schema.graphql
+++ b/doc/api/graphql/reference/gitlab_schema.graphql
@@ -15259,6 +15259,11 @@ type MergeRequest implements CurrentUserTodos & Noteable {
  """
  hasCi: Boolean!
+  """
+  Indicates if the source branch has any security reports.
+  """
+  hasSecurityReports: Boolean!
  """
  The pipeline running on the branch HEAD of the merge request.
  """

--- a/doc/api/graphql/reference/gitlab_schema.json
+++ b/doc/api/graphql/reference/gitlab_schema.json
@@ -41641,6 +41641,24 @@
              "isDeprecated": false,
              "deprecationReason": null
            },
+            {
+              "name": "hasSecurityReports",
+              "description": "Indicates if the source branch has any security reports.",
+              "args": [
+              ],
+              "type": {
+                "kind": "NON_NULL",
+                "name": null,
+                "ofType": {
+                  "kind": "SCALAR",
+                  "name": "Boolean",
+                  "ofType": null
+                }
+              },
+              "isDeprecated": false,
+              "deprecationReason": null
+            },
            {
              "name": "headPipeline",
              "description": "The pipeline running on the branch HEAD of the merge request.",
--- a/doc/api/graphql/reference/index.md
+++ b/doc/api/graphql/reference/index.md
@@ -2309,6 +2309,7 @@ Autogenerated return type of MarkAsSpamSnippet.
 | `downvotes` | Int! | Number of downvotes for the merge request. |
 | `forceRemoveSourceBranch` | Boolean | Indicates if the project settings will lead to source branch deletion after merge. |
 | `hasCi` | Boolean! | Indicates if the merge request has CI. |
+| `hasSecurityReports` | Boolean! | Indicates if the source branch has any security reports. |
 | `headPipeline` | Pipeline | The pipeline running on the branch HEAD of the merge request. |
 | `id` | ID! | ID of the merge request. |
 | `iid` | String! | Internal ID of the merge request. |

--- a/ee/app/graphql/ee/types/merge_request_type.rb
+++ b/ee/app/graphql/ee/types/merge_request_type.rb
@@ -14,6 +14,11 @@ module EE
              description: 'Number of approvals required.'
        field :merge_trains_count, GraphQL::INT_TYPE, null: true,
              description: 'Number of merge requests in the merge train.'
+        field :has_security_reports, GraphQL::BOOLEAN_TYPE,
+              null: false, calls_gitaly: true,
+              method: :has_security_reports?,
+              description: 'Indicates if the source branch has any security reports.'
      end
      def merge_trains_count

--- a/ee/app/models/ee/merge_request.rb
+++ b/ee/app/models/ee/merge_request.rb
@@ -169,6 +169,10 @@ module EE
      }
    end
+    def has_security_reports?
+      !!actual_head_pipeline&.has_reports?(::Ci::JobArtifact.security_reports)
+    end
    def has_dependency_scanning_reports?
      !!actual_head_pipeline&.has_reports?(::Ci::JobArtifact.dependency_list_reports)
    end

--- a/ee/changelogs/unreleased/275818-be-add-info-error-messages-to-security-widget-summary.yml
+++ b/ee/changelogs/unreleased/275818-be-add-info-error-messages-to-security-widget-summary.yml
+---
+title: Add hasSecurityReports field to GraphQL MergeRequest type
+merge_request: 53925
+author:
+type: added
--- a/ee/spec/graphql/ee/types/merge_request_type_spec.rb
+++ b/ee/spec/graphql/ee/types/merge_request_type_spec.rb
@@ -6,4 +6,5 @@ RSpec.describe GitlabSchema.types['MergeRequest'] do
  it { expect(described_class).to have_graphql_fields(:approvals_required, :merge_trains_count).at_least }
  it { expect(described_class).to have_graphql_field(:approved, complexity: 2, calls_gitaly?: true) }
  it { expect(described_class).to have_graphql_field(:approvals_left, complexity: 2, calls_gitaly?: true) }
+  it { expect(described_class).to have_graphql_field(:has_security_reports, calls_gitaly?: true) }
 end
--- a/ee/spec/models/merge_request_spec.rb
+++ b/ee/spec/models/merge_request_spec.rb
@@ -288,6 +288,28 @@ RSpec.describe MergeRequest do
    end
  end
+  describe '#has_security_reports?' do
+    subject { merge_request.has_security_reports? }
+    let_it_be(:project) { create(:project, :repository) }
+    before do
+      stub_licensed_features(dast: true)
+    end
+    context 'when head pipeline has security reports' do
+      let(:merge_request) { create(:ee_merge_request, :with_dast_reports, source_project: project) }
+      it { is_expected.to be_truthy }
+    end
+    context 'when head pipeline does not have security reports' do
+      let(:merge_request) { create(:ee_merge_request, source_project: project) }
+      it { is_expected.to be_falsey }
+    end
+  end
  describe '#has_license_scanning_reports?' do
    subject { merge_request.has_license_scanning_reports? }