Add an E2E test for the project Security Dashboard

Adds an additional end-to-end test validating that the results of Secure tool scans appear on the Project-level Security Dashboard. Also fixes a minor issue with the Secure Pipeline reports test that created a duplicate job.

Add an E2E test for the project Security Dashboard
Adds an additional end-to-end test validating that the results of Secure tool scans appear on the Project-level Security Dashboard. Also fixes a minor issue with the Secure Pipeline reports test that created a duplicate job.
f2246d07 · Aleksandr Soborov · Sanad Liaquat · 9e7bbd6b · f2246d07 · f2246d07
Commit f2246d07 authored Jul 25, 2019 by Aleksandr Soborov Committed by Sanad Liaquat Jul 25, 2019
8 changed files
--- a/ee/app/assets/javascripts/security_dashboard/components/vulnerability_count.vue
+++ b/ee/app/assets/javascripts/security_dashboard/components/vulnerability_count.vue
@@ -22,6 +22,9 @@ export default {
    className() {
      return `vulnerability-count-${this.severity}`;
    },
+    qaSelector() {
+      return `vulnerability_count_${this.severity}`;
+    },
    severityTitle() {
      return SEVERITY_LEVELS[this.severity] || this.severity;
    },
@@ -32,7 +35,7 @@ export default {
 <template>
  <div class="vulnerability-count" :class="className">
    <div class="vulnerability-count-header">{{ severityTitle }}</div>
-    <div class="vulnerability-count-body">
+    <div class="vulnerability-count-body" :data-qa-selector="qaSelector">
      <span v-if="isLoading">&mdash;</span> <span v-else>{{ count }}</span>
    </div>
  </div>

--- a/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
+++ b/ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml
 - if project_nav_tab?(:security)
  = nav_link(path: sidebar_security_paths) do
-    = link_to project_security_dashboard_path(@project), title: _('Security Dashboard') do
+    = link_to project_security_dashboard_path(@project), title: _('Security Dashboard'), data: { qa_selector: 'link_security_dashboard' } do
      .nav-icon-container
        = sprite_icon('shield')
      %span.nav-item-name

--- a/qa/qa/ee.rb
+++ b/qa/qa/ee.rb
@@ -60,6 +60,10 @@ module QA
        autoload :New, 'qa/ee/page/project/new'
        autoload :Show, 'qa/ee/page/project/show'

+        module SubMenus
+          autoload :SecurityCompliance, 'qa/ee/page/project/sub_menus/security_compliance'
+        end
+
        module Issue
          autoload :Index, 'qa/ee/page/project/issue/index'
          autoload :Show, 'qa/ee/page/project/issue/show'
@@ -81,6 +85,10 @@ module QA
        module Pipeline
          autoload :Show, 'qa/ee/page/project/pipeline/show'
        end
+
+        module Secure
+          autoload :Show, 'qa/ee/page/project/secure/show'
+        end
      end

      module MergeRequest

--- a/qa/qa/ee/fixtures/secure_premade_reports/.gitlab-ci.yml
+++ b/qa/qa/ee/fixtures/secure_premade_reports/.gitlab-ci.yml
 include:
  template: Dependency-Scanning.gitlab-ci.yml

-dependency-scanning:
+dependency_scanning:
  tags:
    - qa
    - test

--- a/qa/qa/ee/page/project/secure/show.rb
+++ b/qa/qa/ee/page/project/secure/show.rb
+# frozen_string_literal: true
+
+module QA
+  module EE
+    module Page
+      module Project::Secure
+        class Show < QA::Page::Base
+          view 'ee/app/assets/javascripts/security_dashboard/components/vulnerability_count.vue' do
+            element :vulnerability_count, ':data-qa-selector="qaSelector"' # rubocop:disable QA/ElementWithPattern
+          end
+
+          def has_low_vulnerability_count_of?(expected)
+            find_element(:vulnerability_count_low).has_content?(expected)
+          end
+        end
+      end
+    end
+  end
+end
--- a/qa/qa/ee/page/project/sub_menus/security_compliance.rb
+++ b/qa/qa/ee/page/project/sub_menus/security_compliance.rb
+# frozen_string_literal: true
+
+module QA
+  module EE
+    module Page
+      module Project
+        module SubMenus
+          module SecurityCompliance
+            include QA::Page::Project::SubMenus::Common
+
+            def self.included(page)
+              page.class_eval do
+                view 'ee/app/views/layouts/nav/sidebar/_project_security_link.html.haml' do
+                  element :link_security_dashboard
+                end
+              end
+            end
+
+            def click_on_security_dashboard
+              within_sidebar do
+                click_element :link_security_dashboard
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end
--- a/qa/qa/page/project/menu.rb
+++ b/qa/qa/page/project/menu.rb
@@ -6,11 +6,13 @@ module QA
      class Menu < Page::Base
        include SubMenus::Common

+        include SubMenus::Project
        include SubMenus::CiCd
        include SubMenus::Issues
        include SubMenus::Operations
        include SubMenus::Repository
        include SubMenus::Settings
+        include EE::Page::Project::SubMenus::SecurityCompliance # rubocop: disable Cop/InjectEnterpriseEditionModule

        view 'app/views/layouts/nav/sidebar/_project.html.haml' do
          element :activity_link

--- a/qa/qa/specs/features/ee/browser_ui/secure/create_project_with_secure_spec.rb
+++ b/qa/qa/specs/features/ee/browser_ui/secure/create_project_with_secure_spec.rb
@@ -9,28 +9,28 @@ module QA
      Page::Main::Login.perform(&:sign_in_using_credentials)
    end

-    describe 'Security Dashboard support' do
-      let(:executor) { "qa-runner-#{Time.now.to_i}" }
-
+    describe 'Security Reports in project security dashboard' do
      after do
-        Service::Runner.new(executor).remove!
+        Service::Runner.new(@executor).remove!
      end

-      it 'displays the Dependency Scanning report in the pipeline' do
+      before do
+        @executor = "qa-runner-#{Time.now.to_i}"
+
        login

-        @project = Resource::Project.fabricate! do |p|
+        @project = Resource::Project.fabricate_via_api! do |p|
          p.name = Runtime::Env.auto_devops_project_name || 'project-with-secure'
          p.description = 'Project with Secure'
        end

        Resource::Runner.fabricate! do |runner|
          runner.project = @project
-          runner.name = executor
+          runner.name = @executor
          runner.tags = %w[qa test]
        end

-        # Create Secure compatible repo
+        # Push fixture to generate Secure reports
        Resource::Repository::ProjectPush.fabricate! do |push|
          push.project = @project
          push.directory = Pathname
@@ -43,13 +43,17 @@ module QA
        Page::Project::Pipeline::Index.perform(&:click_on_latest_pipeline)

        Page::Project::Pipeline::Show.perform do |pipeline|
-          pipeline.click_job('dependency-scanning')
+          pipeline.click_job('dependency_scanning')
        end
        Page::Project::Job::Show.perform do |job|
          expect(job).to be_successful(timeout: 600)
-
-          job.click_element(:pipeline_path)
        end
+      end
+
+      it 'displays the Dependency Scanning report in the pipeline' do
+        Page::Project::Menu.perform(&:click_ci_cd_pipelines)
+        Page::Project::Pipeline::Index.perform(&:click_on_latest_pipeline)
+
        Page::Project::Pipeline::Show.perform do |pipeline|
          pipeline.click_on_security
          expect(pipeline).to have_dependency_report
@@ -58,6 +62,15 @@ module QA
          expect(pipeline).to have_content("jQuery before 3.4.0")
        end
      end
+
+      it 'displays the Dependency Scanning report in the project security dashboard' do
+        Page::Project::Menu.perform(&:click_project)
+        Page::Project::Menu.perform(&:click_on_security_dashboard)
+
+        EE::Page::Project::Secure::Show.perform do |dashboard|
+          expect(dashboard).to have_low_vulnerability_count_of "1"
+        end
+      end
    end
  end
 end