Refine QA test

* Use Resource::Repository::Commit instead of ProjectPush * Do not overwrite default Project options * Remove job_log_json from spec * Mark QA test as flaky (as per https://gitlab.com/gitlab-org/gitlab/-/merge_requests/31616#note_364833812) * Apply prettier formatting

Refine QA test
* Use Resource::Repository::Commit instead of ProjectPush * Do not overwrite default Project options * Remove job_log_json from spec * Mark QA test as flaky (as per https://gitlab.com/gitlab-org/gitlab/-/merge_requests/31616#note_364833812) * Apply prettier formatting
696b84b2 · Michał Zając · 7a77698f · 696b84b2 · 696b84b2 · 696b84b2
Commit 696b84b2 authored Jun 19, 2020 by Michał Zając
6 changed files
--- a/ee/app/assets/javascripts/vulnerabilities/components/details.vue
+++ b/ee/app/assets/javascripts/vulnerabilities/components/details.vue
@@ -54,9 +54,17 @@ export default {

 <template>
  <div class="md" data-qa-selector="vulnerability_details">
-    <h1 class="mt-3 mb-2 border-bottom-0" data-testid="title">{{ vulnerability.title }}</h1>
+    <h1
+      class="mt-3 mb-2 border-bottom-0"
+      data-testid="title"
+      data-qa-selector="vulnerability_title"
+    >
+      {{ vulnerability.title }}
+    </h1>
    <h3 class="mt-0">{{ __('Description') }}</h3>
-    <p data-testid="description">{{ vulnerability.description }}</p>
+    <p data-testid="description" data-qa-selector="vulnerability_description">
+      {{ vulnerability.description }}
+    </p>

    <ul>
      <detail-item :sprintf-message="__('%{labelStart}Severity:%{labelEnd} %{severity}')">

--- a/qa/qa/ee/fixtures/secure_premade_reports/gl-container-scanning-report.json
+++ b/qa/qa/ee/fixtures/secure_premade_reports/gl-container-scanning-report.json
@@ -4,7 +4,7 @@
    {
      "category": "container_scanning",
      "message": "CVE-2017-18269 in glibc",
-      "description": "An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.",
+      "description": "Short description to match in specs",
      "cve": "debian:9:glibc:CVE-2017-18269",
      "severity": "Critical",
      "confidence": "Unknown",

--- a/qa/qa/ee/page/project/secure/vulnerability_details.rb
+++ b/qa/qa/ee/page/project/secure/vulnerability_details.rb
@@ -12,6 +12,8 @@ module QA

            view 'ee/app/assets/javascripts/vulnerabilities/components/details.vue' do
              element :vulnerability_details
+              element :vulnerability_title
+              element :vulnerability_description
            end

            view 'ee/app/assets/javascripts/vulnerabilities/components/footer.vue' do
@@ -21,6 +23,14 @@ module QA
            def has_component?(component_name:)
              has_element?(component_name.to_sym)
            end
+
+            def has_vulnerability_title?(title:)
+              has_element?(:vulnerability_title, text: title)
+            end
+
+            def has_vulnerability_description?(description:)
+              has_element?(:vulnerability_description, text: description)
+            end
          end
        end
      end

--- a/qa/qa/resource/repository/commit.rb
+++ b/qa/qa/resource/repository/commit.rb
@@ -29,6 +29,30 @@ module QA
          @add_files = files
        end

+        def add_directory(dir)
+          raise "Must set directory as a Pathname" unless dir.is_a?(Pathname)
+
+          files_to_add = []
+
+          dir.each_child do |child|
+            case child.ftype?
+            when "file"
+              files_to_add.append({
+                file_path: child.to_s,
+                content: child.read
+              })
+            when "directory"
+              add_directory(child)
+            else
+              continue
+            end
+          end
+
+          validate_files!(files_to_add)
+
+          @add_files.merge(files_to_add)
+        end
+
        def update_files(files)
          validate_files!(files)


--- a/qa/qa/specs/features/ee/browser_ui/secure/first_class_project_security_dashboard_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/first_class_project_security_dashboard_spec.rb
@@ -3,7 +3,8 @@
 module QA
  context 'Secure', :docker, :runner do
    describe 'Security Dashboard in a Project' do
-      let(:vuln_name) { "CVE-2017-18269 in glibc" }
+      let(:vulnerability_name) { "CVE-2017-18269 in glibc" }
+      let(:vulnerability_description) { "Short description to match in specs" }

      before(:all) do
        @executor = "qa-runner-#{Time.now.to_i}"
@@ -52,23 +53,23 @@ module QA

      after(:all) do
        @runner.remove_via_api!
-
-        Runtime::Feature.enable('job_log_json') if @job_log_json_flag_enabled
      end

-      it 'shows vulnerability details' do
+      it 'shows vulnerability details', quarantine: { type: :investigating } do
        @project.visit!

        Page::Project::Menu.perform(&:click_on_security_dashboard)

        EE::Page::Project::Secure::SecurityDashboard.perform do |security_dashboard|
-          expect(security_dashboard).to have_vulnerability(description: vuln_name)
-          security_dashboard.click_vulnerability(description: vuln_name)
+          expect(security_dashboard).to have_vulnerability(description: vulnerability_name)
+          security_dashboard.click_vulnerability(description: vulnerability_name)
        end

        EE::Page::Project::Secure::VulnerabilityDetails.perform do |vulnerability_details|
          expect(vulnerability_details).to have_component(component_name: :vulnerability_header)
          expect(vulnerability_details).to have_component(component_name: :vulnerability_details)
+          expect(vulnerability_details).to have_vulnerability_title(title: vulnerability_name)
+          expect(vulnerability_details).to have_vulnerability_description(description: vulnerability_description)
          expect(vulnerability_details).to have_component(component_name: :vulnerability_footer)
        end
      end

--- a/qa/qa/specs/features/ee/browser_ui/secure/vulnerability_management_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/vulnerability_management_spec.rb
@@ -25,8 +25,6 @@ module QA
        @project = Resource::Project.fabricate_via_api! do |p|
          p.name = Runtime::Env.auto_devops_project_name || 'project-with-secure'
          p.description = 'Project with Secure'
-          p.auto_devops_enabled = false
-          p.initialize_with_readme = true
        end

        @runner = Resource::Runner.fabricate! do |runner|
@@ -35,15 +33,16 @@ module QA
          runner.tags = %w[qa test]
        end

-        # Push fixture to generate Secure reports
-        @source = Resource::Repository::ProjectPush.fabricate! do |push|
-          push.project = @project
-          push.directory = Pathname
-            .new(__dir__)
-            .join('../../../../../ee/fixtures/secure_premade_reports')
-          push.commit_message = 'Create Secure compatible application to serve premade reports'
-          push.branch_name = 'secure-mr'
+        commit_message = 'Add premade security reports'
+        @commit = Resource::Repository::Commit.fabricate_via_api! do |commit|
+          commit.project = @project
+          commit.commit_message = commit_message
+          commit.branch = 'secure-mr'
+          commit.add_directory(
+            Pathname.new(__dir__).join('../../../../../ee/fixtures/secure_premade_reports')
+          )
        end
+        @project.wait_for_push(commit_message)

        @merge_request = Resource::MergeRequest.fabricate_via_api! do |mr|
          mr.project = @project