Merge branch 'auto-fix-light-bulb' into 'master'

Add AutoFix Indicator to the Vulnerability Report Page See merge request gitlab-org/gitlab!48251

Merge branch 'auto-fix-light-bulb' into 'master'
Add AutoFix Indicator to the Vulnerability Report Page See merge request gitlab-org/gitlab!48251
66649862 · Mark Florian · 55b92a6b · 20061f40 · 66649862 · 66649862
Commit 66649862 authored Nov 27, 2020 by Mark Florian
9 changed files
--- a/ee/app/assets/javascripts/security_dashboard/components/project_vulnerabilities.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/project_vulnerabilities.vue
 <script>
-import produce from 'immer';
 import { GlAlert, GlLoadingIcon, GlIntersectionObserver } from '@gitlab/ui';
+import produce from 'immer';
 import { __ } from '~/locale';
-import VulnerabilityList from './vulnerability_list.vue';
-import vulnerabilitiesQuery from '../graphql/project_vulnerabilities.graphql';
 import securityScannersQuery from '../graphql/project_security_scanners.graphql';
-import { VULNERABILITIES_PER_PAGE } from '../store/constants';
+import vulnerabilitiesQuery from '../graphql/project_vulnerabilities.query.graphql';
+import vulnerabilitiesQueryAutoFix from '../graphql/project_vulnerabilities_autofix.query.graphql';
 import { preparePageInfo } from '../helpers';
+import { VULNERABILITIES_PER_PAGE } from '../store/constants';
+import VulnerabilityList from './vulnerability_list.vue';
+const query = gon?.features?.secureVulnerabilityAutofixIndicator
+  ? vulnerabilitiesQueryAutoFix
+  : vulnerabilitiesQuery;
 export default {
  name: 'ProjectVulnerabilitiesApp',
@@ -36,7 +41,7 @@ export default {
  },
  apollo: {
    vulnerabilities: {
-      query: vulnerabilitiesQuery,
+      query,
      variables() {
        return {
          fullPath: this.projectFullPath,

--- a/ee/app/assets/javascripts/security_dashboard/components/vulnerability_list.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/vulnerability_list.vue
@@ -8,6 +8,7 @@ import {
  GlSkeletonLoading,
  GlTooltipDirective,
  GlTable,
+  GlBadge,
 } from '@gitlab/ui';
 import RemediatedBadge from 'ee/vulnerabilities/components/remediated_badge.vue';
 import FiltersProducedNoResults from 'ee/security_dashboard/components/empty_states/filters_produced_no_results.vue';
@@ -36,6 +37,7 @@ export default {
    GlSkeletonLoading,
    GlSprintf,
    GlTable,
+    GlBadge,
    GlTruncate,
    IssuesBadge,
    LocalStorageSync,
@@ -433,6 +435,14 @@ export default {
      <template #cell(activity)="{ item }">
        <div class="gl-display-flex gl-justify-content-end">
+          <gl-badge
+            v-if="item.solutions"
+            v-gl-tooltip
+            data-testid="vulnerability-solutions-bulb"
+            variant="neutral"
+            icon="bulb"
+            :title="s__('AutoRemediation|Auto-fix solution available')"
+          />
          <issues-badge v-if="issues(item).length > 0" :issues="issues(item)" />
          <remediated-badge v-if="item.resolvedOnDefaultBranch" class="gl-ml-3" />
        </div>

--- a/ee/app/assets/javascripts/security_dashboard/graphql/project_vulnerabilities.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/project_vulnerabilities.graphql
--- a/ee/app/assets/javascripts/security_dashboard/graphql/project_vulnerabilities_autofix.query.graphql
+++ b/ee/app/assets/javascripts/security_dashboard/graphql/project_vulnerabilities_autofix.query.graphql
+#import "~/graphql_shared/fragments/pageInfoCursorsOnly.fragment.graphql"
+#import "./vulnerability.fragment.graphql"
+query project(
+  $fullPath: ID!
+  $after: String
+  $first: Int
+  $severity: [VulnerabilitySeverity!]
+  $reportType: [VulnerabilityReportType!]
+  $scanner: [String!]
+  $state: [VulnerabilityState!]
+  $sort: VulnerabilitySort
+) {
+  project(fullPath: $fullPath) {
+    vulnerabilities(
+      after: $after
+      first: $first
+      severity: $severity
+      reportType: $reportType
+      scanner: $scanner
+      state: $state
+      sort: $sort
+    ) {
+      nodes {
+        ...Vulnerability
+        solutions
+      }
+      pageInfo {
+        ...PageInfo
+      }
+    }
+  }
+}
--- a/ee/app/controllers/projects/security/vulnerability_report_controller.rb
+++ b/ee/app/controllers/projects/security/vulnerability_report_controller.rb
@@ -5,6 +5,10 @@ module Projects
    class VulnerabilityReportController < Projects::ApplicationController
      include SecurityDashboardsPermissions
+      before_action do
+        push_frontend_feature_flag(:secure_vulnerability_autofix_indicator, @project)
+      end
      feature_category :vulnerability_management
      alias_method :vulnerable, :project

--- a/ee/config/feature_flags/development/secure_vulnerability_autofix_indicator.yml
+++ b/ee/config/feature_flags/development/secure_vulnerability_autofix_indicator.yml
+---
+name: secure_vulnerability_autofix_indicator
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/48251/
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/288347
+milestone: '13.7'
+type: development
+group: group::composition analysis
+default_enabled: false
--- a/ee/spec/frontend/security_dashboard/components/mock_data.js
+++ b/ee/spec/frontend/security_dashboard/components/mock_data.js
@@ -2,6 +2,7 @@ export const generateVulnerabilities = () => [
  {
    id: 'id_0',
    detectedAt: '2020-07-29T15:36:54Z',
+    solutions: true,
    identifiers: [
      {
        externalType: 'cve',
@@ -34,6 +35,7 @@ export const generateVulnerabilities = () => [
  {
    id: 'id_1',
    detectedAt: '2020-07-22T19:31:24Z',
+    solutions: false,
    identifiers: [
      {
        externalType: 'gemnasium',

--- a/ee/spec/frontend/security_dashboard/components/vulnerability_list_spec.js
+++ b/ee/spec/frontend/security_dashboard/components/vulnerability_list_spec.js
@@ -47,6 +47,7 @@ describe('Vulnerability list component', () => {
  const findRows = () => wrapper.findAll('tbody tr');
  const findRow = (index = 0) => findRows().at(index);
  const findRowById = id => wrapper.find(`tbody tr[data-pk="${id}"`);
+  const findAutoFixBulbInRow = row => row.find('[data-testid="vulnerability-solutions-bulb"]');
  const findIssuesBadge = (index = 0) => wrapper.findAll(IssuesBadge).at(index);
  const findRemediatedBadge = () => wrapper.find(RemediatedBadge);
  const findSecurityScannerAlert = () => wrapper.find(SecurityScannerAlert);
@@ -105,6 +106,14 @@ describe('Vulnerability list component', () => {
      expect(findRemediatedBadge().exists()).toBe(true);
    });
+    it('should display autoFixIcon for first Item', () => {
+      expect(findAutoFixBulbInRow(findRow(0)).exists()).toBe(true);
+    });
+    it('should not display autoFixIcon for second Item', () => {
+      expect(findAutoFixBulbInRow(findRow(1)).exists()).toBe(false);
+    });
    it('should correctly render the identifier cell', () => {
      const identifiers = findDataCells('vulnerability-identifier');
      const extraIdentifierCounts = findDataCells('vulnerability-more-identifiers');

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -4099,6 +4099,9 @@ msgstr ""
 msgid "AutoRemediation|%{mrsCount} ready for review"
 msgstr ""
+msgid "AutoRemediation|Auto-fix solution available"
+msgstr ""
 msgid "AutoRemediation|Auto-fix solutions"
 msgstr ""