Commit c37c54e4 authored by Saikat Sarkar's avatar Saikat Sarkar

Merge branch 'add_latest_column_into_security_scans_table' into 'master'

Add `latest` column into `security_scans` table

See merge request gitlab-org/gitlab!69494
parents fa20e35d 794d1c2f
# frozen_string_literal: true
class AddLatestColumnIntoTheSecurityScansTable < Gitlab::Database::Migration[1.0]
def up
with_lock_retries do
add_column :security_scans, :latest, :boolean, default: true, null: false
end
end
def down
with_lock_retries do
remove_column :security_scans, :latest
end
end
end
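Review bot: `default: true` in `up` marks every existing `security_scans` row as latest, including scans whose job had already been retried before this migration ran, so the flag starts out wrong for historical data. No backfill is visible on this page. If one is planned elsewhere, the migration should say so in a comment, for example `# Existing rows get latest = true; scans of already-retried jobs are corrected by a separate backfill.` Without a backfill, any query that filters on `latest` will keep returning those older scans.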
d7be9a34d626e507add67f407a6fa0b45f16b244e8ebeeb071debc538fa25b49
\ No newline at end of file
...@@ -19004,7 +19004,8 @@ CREATE TABLE security_scans ( ...@@ -19004,7 +19004,8 @@ CREATE TABLE security_scans (
scan_type smallint NOT NULL, scan_type smallint NOT NULL,
info jsonb DEFAULT '{}'::jsonb NOT NULL, info jsonb DEFAULT '{}'::jsonb NOT NULL,
project_id bigint, project_id bigint,
pipeline_id bigint pipeline_id bigint,
latest boolean DEFAULT true NOT NULL
); );
CREATE SEQUENCE security_scans_id_seq CREATE SEQUENCE security_scans_id_seq
...@@ -19,12 +19,11 @@ module Security ...@@ -19,12 +19,11 @@ module Security
end end
def execute def execute
return deduplicate if security_scan.has_errors? set_security_scan_non_latest! if artifact.job.retried?
StoreFindingsMetadataService.execute(security_scan, security_report) return deduplicate if security_scan.has_errors? || !security_scan.latest?
deduplicate_findings? ? update_deduplicated_findings : register_finding_keys
deduplicate_findings? store_findings
end end
private private
...@@ -48,6 +47,17 @@ module Security ...@@ -48,6 +47,17 @@ module Security
end end
end end
def store_findings
StoreFindingsMetadataService.execute(security_scan, security_report)
deduplicate_findings? ? update_deduplicated_findings : register_finding_keys
deduplicate_findings?
end
def set_security_scan_non_latest!
security_scan.update!(latest: false)
end
def deduplicate_findings? def deduplicate_findings?
deduplicate || security_scan.saved_changes? deduplicate || security_scan.saved_changes?
end end
......
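Review bot: `execute` clears `latest` only when `artifact.job.retried?` is already true at the moment this report is stored, so a scan stored before its job was retried keeps `latest: true` alongside the scan from the retry. Nothing in the visible hunks demotes the earlier scan when the retry happens or when the newer scan is stored. That may be handled outside this commit, but if not, readers that filter on `latest` would still see the stale findings. A comment above the first line of `execute` would make the limit explicit, for example `# Only covers reports ingested after the job was retried; scans stored earlier are not demoted here.` The class body continues outside the hunks.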
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
require 'spec_helper' require 'spec_helper'
RSpec.describe Security::StoreScanService do RSpec.describe Security::StoreScanService do
let_it_be(:artifact) { create(:ee_ci_job_artifact, :sast) } let_it_be_with_refind(:artifact) { create(:ee_ci_job_artifact, :sast) }
let(:known_keys) { Set.new } let(:known_keys) { Set.new }
...@@ -96,6 +96,18 @@ RSpec.describe Security::StoreScanService do ...@@ -96,6 +96,18 @@ RSpec.describe Security::StoreScanService do
end end
end end
context 'when the report is produced by a retried job' do
before do
artifact.job.update!(retried: true)
end
it 'does not call the `Security::StoreFindingsMetadataService` and sets the security scan as non latest' do
expect { store_scan }.to change { Security::Scan.where(latest: false).count }.by(1)
expect(Security::StoreFindingsMetadataService).not_to have_received(:execute)
end
end
context 'when the report does not have any errors' do context 'when the report does not have any errors' do
before do before do
artifact.security_report.errors.clear artifact.security_report.errors.clear
......
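Review bot: The new example asserts on a table-wide count, `Security::Scan.where(latest: false).count`, so it passes if any scan row is flipped and does not pin the scan that belongs to this artifact. It also bundles two behaviours in one `it`, which hides the second expectation when the first fails. Splitting it into `it 'sets the security scan as non latest'` and `it 'does not call the Security::StoreFindingsMetadataService'` would keep the failures separate. The `have_received(:execute)` check presumably relies on the service being stubbed in setup outside this hunk, which is worth confirming.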