Guard Compliance CI evaluation against blank path

This change ensures the Compliance CI template is not evaluated if the compliance pipeline configuration location is blank (i.e. nil and empty string). Changelog: fixed EE: true

Guard Compliance CI evaluation against blank path
This change ensures the Compliance CI template is not evaluated if the compliance pipeline configuration location is blank (i.e. nil and empty string). Changelog: fixed EE: true
9706ba3a · Tan Le · b9771818 · 9706ba3a · 9706ba3a
Commit 9706ba3a authored Jun 29, 2021 by Tan Le
2 changed files
--- a/ee/lib/gitlab/ci/pipeline/chain/config/content/compliance.rb
+++ b/ee/lib/gitlab/ci/pipeline/chain/config/content/compliance.rb
@@ -10,7 +10,7 @@ module Gitlab
              def content
                strong_memoize(:content) do
                  next unless available?
-                  next unless pipeline_configuration_full_path
+                  next unless pipeline_configuration_full_path.present?

                  path_file, path_project = pipeline_configuration_full_path.split('@', 2)
                  YAML.dump('include' => [{ 'project' => path_project, 'file' => path_file }])

--- a/ee/spec/lib/gitlab/ci/pipeline/chain/config/content_spec.rb
+++ b/ee/spec/lib/gitlab/ci/pipeline/chain/config/content_spec.rb
@@ -8,9 +8,6 @@ RSpec.describe ::Gitlab::Ci::Pipeline::Chain::Config::Content do
  let(:content) { nil }
  let(:source) { :push }
  let(:command) { Gitlab::Ci::Pipeline::Chain::Command.new(project: project, content: content, source: source) }
-
-  subject { described_class.new(pipeline, command) }
-
  let(:content_result) do
    <<~EOY
    ---
@@ -20,6 +17,8 @@ RSpec.describe ::Gitlab::Ci::Pipeline::Chain::Config::Content do
    EOY
  end

+  subject { described_class.new(pipeline, command) }
+
  shared_examples 'does not include compliance pipeline configuration content' do
    it do
      subject.perform!
@@ -30,26 +29,56 @@ RSpec.describe ::Gitlab::Ci::Pipeline::Chain::Config::Content do
    end
  end

-  context 'when project has compliance pipeline configuration defined' do
+  context 'when project has compliance label defined' do
    let(:project) { create(:project, ci_config_path: ci_config_path) }
    let(:compliance_group) { create(:group, :private, name: "compliance") }
    let(:compliance_project) { create(:project, namespace: compliance_group, name: "hippa") }

-    let(:framework) { create(:compliance_framework, namespace_id: compliance_group.id, pipeline_configuration_full_path: ".compliance-gitlab-ci.yml@compliance/hippa") }
-    let!(:framework_project_setting) { create(:compliance_framework_project_setting, project: project, framework_id: framework.id) }
-
    context 'when feature is available' do
      before do
        stub_feature_flags(ff_evaluate_group_level_compliance_pipeline: true)
        stub_licensed_features(evaluate_group_level_compliance_pipeline: true)
      end

-      it 'includes compliance pipeline configuration content' do
-        subject.perform!
+      context 'when compliance pipeline configuration is defined' do
+        let(:framework) do
+          create(:compliance_framework,
+                 namespace: compliance_group,
+                 pipeline_configuration_full_path: ".compliance-gitlab-ci.yml@compliance/hippa")
+        end
+
+        let!(:framework_project_setting) do
+          create(:compliance_framework_project_setting, project: project, compliance_management_framework: framework)
+        end

-        expect(pipeline.config_source).to eq 'compliance_source'
-        expect(pipeline.pipeline_config.content).to eq(content_result)
-        expect(command.config_content).to eq(content_result)
+        it 'includes compliance pipeline configuration content' do
+          subject.perform!
+
+          expect(pipeline.config_source).to eq 'compliance_source'
+          expect(pipeline.pipeline_config.content).to eq(content_result)
+          expect(command.config_content).to eq(content_result)
+        end
+      end
+
+      context 'when compliance pipeline configuration is not defined' do
+        let(:framework) { create(:compliance_framework, namespace: compliance_group) }
+        let!(:framework_project_setting) do
+          create(:compliance_framework_project_setting, project: project, compliance_management_framework: framework)
+        end
+
+        it_behaves_like 'does not include compliance pipeline configuration content'
+      end
+
+      context 'when compliance pipeline configuration is empty' do
+        let(:framework) do
+          create(:compliance_framework, namespace: compliance_group, pipeline_configuration_full_path: '')
+        end
+
+        let!(:framework_project_setting) do
+          create(:compliance_framework_project_setting, project: project, compliance_management_framework: framework)
+        end
+
+        it_behaves_like 'does not include compliance pipeline configuration content'
      end
    end