Merge branch...

Merge branch 'change_the_place_we_set_latest_pipeline_id_and_mark_project_as_vulnerable' into 'master'

Set `latest_pipeline_id` and mark project as vulnerable first

See merge request gitlab-org/gitlab!67165

ee/app/services/security/store_reports_service.rb

@@ -10,9 +10,9 @@ module Security
     end
 
     def execute
-      store_reports
-      mark_project_as_vulnerable!
       set_latest_pipeline!
+      mark_project_as_vulnerable!
+      store_reports
 
       errors.any? ? error(full_errors) : success
     end

ee/spec/services/security/store_reports_service_spec.rb

@@ -41,6 +41,26 @@ RSpec.describe Security::StoreReportsService do
         expect { execute_service_object }.to change { project.reload.vulnerability_statistic&.latest_pipeline_id }.from(nil).to(pipeline.id)
       end
 
+      context 'when the StoreReportService raises an error' do
+        let(:error) { RuntimeError.new('foo') }
+
+        before do
+          allow_next_instance_of(Security::StoreReportService) do |service_object|
+            allow(service_object).to receive(:execute).and_raise(error)
+          end
+        end
+
+        it 'marks the project as vulnerable' do
+          expect { execute_service_object }.to raise_error(error)
+                                           .and change { project.reload.project_setting.has_vulnerabilities }.from(false).to(true)
+        end
+
+        it 'updates the `latest_pipeline_id` attribute of the associated `vulnerability_statistic` record' do
+          expect { execute_service_object }.to raise_error(error)
+                                           .and change { project.reload.vulnerability_statistic&.latest_pipeline_id }.from(nil).to(pipeline.id)
+        end
+      end
+
       context 'when StoreReportService returns an error for a report' do
         let(:reports) { Gitlab::Ci::Reports::Security::Reports.new(pipeline) }
         let(:sast_report) { reports.get_report('sast', sast_artifact) }