Add latest changes from gitlab-org/gitlab@14-1-stable-eev14.1.0-rc42

5 files changed, 392 insertions, 18 deletions

diff --git a/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb b/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb
index 0530aa8c760..1f68dd7a382 100644
--- a/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/debian_packages_shared_examples.rb
@@ -12,15 +12,17 @@ RSpec.shared_context 'Debian repository shared context' do |container_type, can_
   let_it_be(:user, freeze: true) { create(:user) }
   let_it_be(:personal_access_token, freeze: true) { create(:personal_access_token, user: user) }
 
-  let_it_be(:private_distribution, freeze: true) { create("debian_#{container_type}_distribution", container: private_container, codename: 'existing-codename') }
+  let_it_be(:private_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: private_container, codename: 'existing-codename') }
   let_it_be(:private_component, freeze: true) { create("debian_#{container_type}_component", distribution: private_distribution, name: 'existing-component') }
   let_it_be(:private_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'all') }
   let_it_be(:private_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: private_distribution, name: 'existing-arch') }
+  let_it_be(:private_component_file) { create("debian_#{container_type}_component_file", component: private_component, architecture: private_architecture) }
 
-  let_it_be(:public_distribution, freeze: true) { create("debian_#{container_type}_distribution", container: public_container, codename: 'existing-codename') }
+  let_it_be(:public_distribution, freeze: true) { create("debian_#{container_type}_distribution", :with_file, container: public_container, codename: 'existing-codename') }
   let_it_be(:public_component, freeze: true) { create("debian_#{container_type}_component", distribution: public_distribution, name: 'existing-component') }
   let_it_be(:public_architecture_all, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'all') }
   let_it_be(:public_architecture, freeze: true) { create("debian_#{container_type}_architecture", distribution: public_distribution, name: 'existing-arch') }
+  let_it_be(:public_component_file) { create("debian_#{container_type}_component_file", component: public_component, architecture: public_architecture) }
 
   if container_type == :group
     let_it_be(:private_project) { create(:project, :private, group: private_container) }
@@ -40,14 +42,15 @@ RSpec.shared_context 'Debian repository shared context' do |container_type, can_
   let(:visibility_level) { :public }
 
   let(:distribution) { { private: private_distribution, public: public_distribution }[visibility_level] }
+  let(:architecture) { { private: private_architecture, public: public_architecture }[visibility_level] }
+  let(:component) { { private: private_component, public: public_component }[visibility_level] }
+  let(:component_file) { { private: private_component_file, public: public_component_file }[visibility_level] }
 
-  let(:component) { 'main' }
-  let(:architecture) { 'amd64' }
   let(:source_package) { 'sample' }
   let(:letter) { source_package[0..2] == 'lib' ? source_package[0..3] : source_package[0] }
   let(:package_name) { 'libsample0' }
   let(:package_version) { '1.2.3~alpha2' }
-  let(:file_name) { "#{package_name}_#{package_version}_#{architecture}.deb" }
+  let(:file_name) { "#{package_name}_#{package_version}_#{architecture.name}.deb" }
 
   let(:method) { :get }
 
diff --git a/spec/support/shared_examples/requests/api/graphql/noteable_shared_examples.rb b/spec/support/shared_examples/requests/api/graphql/noteable_shared_examples.rb
index 9cf5bc04f65..7e1f4500779 100644
--- a/spec/support/shared_examples/requests/api/graphql/noteable_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/graphql/noteable_shared_examples.rb
@@ -31,6 +31,28 @@ RSpec.shared_examples 'a noteable graphql type we can query' do
       expect(graphql_data_at(*path_to_noteable, :discussions, :nodes))
         .to match_array(expected)
     end
+
+    it 'can fetch discussion noteable' do
+      create(discussion_factory, project: project, noteable: noteable)
+      fields =
+        <<-QL.strip_heredoc
+          discussions {
+            nodes {
+              noteable {
+                __typename
+                ... on #{noteable.class.name.demodulize} {
+                  id
+                }
+              }
+            }
+          }
+        QL
+
+      post_graphql(query(fields), current_user: current_user)
+
+      data = graphql_data_at(*path_to_noteable, :discussions, :nodes, :noteable, :id)
+      expect(data[0]).to eq(global_id_of(noteable))
+    end
   end
 
   describe '.notes' do
diff --git a/spec/support/shared_examples/requests/api/helm_packages_shared_examples.rb b/spec/support/shared_examples/requests/api/helm_packages_shared_examples.rb
index 585c4fb8a4e..1ad38a17f9c 100644
--- a/spec/support/shared_examples/requests/api/helm_packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/helm_packages_shared_examples.rb
@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
-RSpec.shared_examples 'rejects helm packages access' do |user_type, status, add_member = true|
+RSpec.shared_examples 'rejects helm packages access' do |user_type, status|
   context "for user type #{user_type}" do
     before do
-      project.send("add_#{user_type}", user) if add_member && user_type != :anonymous
+      project.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member
     end
 
     it_behaves_like 'returning response status', status
@@ -18,19 +18,170 @@ RSpec.shared_examples 'rejects helm packages access' do |user_type, status, add_
   end
 end
 
-RSpec.shared_examples 'process helm download content request' do |user_type, status, add_member = true|
+RSpec.shared_examples 'process helm service index request' do |user_type, status|
   context "for user type #{user_type}" do
     before do
-      project.send("add_#{user_type}", user) if add_member && user_type != :anonymous
+      project.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member
     end
 
-    it_behaves_like 'returning response status', status
+    it 'returns a valid YAML response', :aggregate_failures do
+      subject
+
+      expect(response).to have_gitlab_http_status(status)
+
+      expect(response.media_type).to eq('text/yaml')
+      expect(response.body).to start_with("---\napiVersion: v1\nentries:\n")
+
+      yaml_response = YAML.safe_load(response.body)
+
+      expect(yaml_response.keys).to contain_exactly('apiVersion', 'entries', 'generated', 'serverInfo')
+      expect(yaml_response['entries']).to be_a(Hash)
+      expect(yaml_response['entries'].keys).to contain_exactly(package.name)
+      expect(yaml_response['serverInfo']).to eq({ 'contextPath' => "/api/v4/projects/#{project.id}/packages/helm" })
+
+      package_entry = yaml_response['entries'][package.name]
+
+      expect(package_entry.length).to eq(1)
+      expect(package_entry.first.keys).to contain_exactly('name', 'version', 'apiVersion', 'created', 'digest', 'urls')
+      expect(package_entry.first['digest']).to eq('fd2b2fa0329e80a2a602c2bb3b40608bcd6ee5cf96cf46fd0d2800a4c129c9db')
+      expect(package_entry.first['urls']).to eq(["charts/#{package.name}-#{package.version}.tgz"])
+    end
+  end
+end
+
+RSpec.shared_examples 'process helm workhorse authorization' do |user_type, status, test_bypass: false|
+  context "for user type #{user_type}" do
+    before do
+      project.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member
+    end
+
+    it 'has the proper status and content type' do
+      subject
+
+      expect(response).to have_gitlab_http_status(status)
+      expect(response.media_type).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
+    end
+
+    context 'with a request that bypassed gitlab-workhorse' do
+      let(:headers) do
+        basic_auth_header(user.username, personal_access_token.token)
+          .merge(workhorse_headers)
+          .tap { |h| h.delete(Gitlab::Workhorse::INTERNAL_API_REQUEST_HEADER) }
+      end
+
+      before do
+        project.add_maintainer(user)
+      end
+
+      it_behaves_like 'returning response status', :forbidden
+    end
+  end
+end
+
+RSpec.shared_examples 'process helm upload' do |user_type, status|
+  shared_examples 'creates helm package files' do
+    it 'creates package files' do
+      expect(::Packages::Helm::ExtractionWorker).to receive(:perform_async).once
+      expect { subject }
+          .to change { project.packages.count }.by(1)
+          .and change { Packages::PackageFile.count }.by(1)
+      expect(response).to have_gitlab_http_status(status)
+
+      package_file = project.packages.last.package_files.reload.last
+      expect(package_file.file_name).to eq('package.tgz')
+    end
+  end
+
+  context "for user type #{user_type}" do
+    before do
+      project.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member
+    end
+
+    context 'with object storage disabled' do
+      before do
+        stub_package_file_object_storage(enabled: false)
+      end
+
+      context 'without a file from workhorse' do
+        let(:send_rewritten_field) { false }
+
+        it_behaves_like 'returning response status', :bad_request
+      end
+
+      context 'with correct params' do
+        it_behaves_like 'package workhorse uploads'
+        it_behaves_like 'creates helm package files'
+        it_behaves_like 'a package tracking event', 'API::HelmPackages', 'push_package'
+      end
+    end
+
+    context 'with object storage enabled' do
+      let(:tmp_object) do
+        fog_connection.directories.new(key: 'packages').files.create( # rubocop:disable Rails/SaveBang
+          key: "tmp/uploads/#{file_name}",
+          body: 'content'
+        )
+      end
+
+      let(:fog_file) { fog_to_uploaded_file(tmp_object) }
+      let(:params) { { chart: fog_file, 'chart.remote_id' => file_name } }
+
+      context 'and direct upload enabled' do
+        let(:fog_connection) do
+          stub_package_file_object_storage(direct_upload: true)
+        end
+
+        it_behaves_like 'creates helm package files'
+
+        ['123123', '../../123123'].each do |remote_id|
+          context "with invalid remote_id: #{remote_id}" do
+            let(:params) do
+              {
+                chart: fog_file,
+                'chart.remote_id' => remote_id
+              }
+            end
+
+            it_behaves_like 'returning response status', :forbidden
+          end
+        end
+      end
+
+      context 'and direct upload disabled' do
+        context 'and background upload disabled' do
+          let(:fog_connection) do
+            stub_package_file_object_storage(direct_upload: false, background_upload: false)
+          end
+
+          it_behaves_like 'creates helm package files'
+        end
+
+        context 'and background upload enabled' do
+          let(:fog_connection) do
+            stub_package_file_object_storage(direct_upload: false, background_upload: true)
+          end
+
+          it_behaves_like 'creates helm package files'
+        end
+      end
+    end
+
+    it_behaves_like 'background upload schedules a file migration'
+  end
+end
+
+RSpec.shared_examples 'process helm download content request' do |user_type, status|
+  context "for user type #{user_type}" do
+    before do
+      project.send("add_#{user_type}", user) if user_type != :anonymous && user_type != :not_a_member
+    end
 
     it_behaves_like 'a package tracking event', 'API::HelmPackages', 'pull_package'
 
-    it 'returns a valid package archive' do
+    it 'returns expected status and a valid package archive' do
       subject
 
+      expect(response).to have_gitlab_http_status(status)
       expect(response.media_type).to eq('application/octet-stream')
     end
   end
@@ -51,3 +202,69 @@ RSpec.shared_examples 'rejects helm access with unknown project id' do
     end
   end
 end
+
+RSpec.shared_examples 'handling helm chart index requests' do
+  context 'with valid project' do
+    subject { get api(url), headers: headers }
+
+    using RSpec::Parameterized::TableSyntax
+
+    context 'personal token' do
+      where(:visibility, :user_role, :shared_examples_name, :expected_status) do
+        :public  | :guest        | 'process helm service index request' | :success
+        :public  | :not_a_member | 'process helm service index request' | :success
+        :public  | :anonymous    | 'process helm service index request' | :success
+        :private | :reporter     | 'process helm service index request' | :success
+        :private | :guest        | 'rejects helm packages access'       | :forbidden
+        :private | :not_a_member | 'rejects helm packages access'       | :not_found
+        :private | :anonymous    | 'rejects helm packages access'       | :unauthorized
+      end
+
+      with_them do
+        let(:headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, personal_access_token.token) }
+
+        before do
+          project.update!(visibility: visibility.to_s)
+        end
+
+        it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status]
+      end
+    end
+
+    context 'when an invalid token is passed' do
+      let(:headers) { basic_auth_header(user.username, 'wrong') }
+
+      it_behaves_like 'returning response status', :unauthorized
+    end
+
+    context 'with job token' do
+      where(:visibility, :user_role, :shared_examples_name, :expected_status) do
+        :public  | :guest        | 'process helm service index request' | :success
+        :public  | :not_a_member | 'process helm service index request' | :success
+        :public  | :anonymous    | 'process helm service index request' | :success
+        :private | :reporter     | 'process helm service index request' | :success
+        :private | :guest        | 'rejects helm packages access'       | :forbidden
+        :private | :not_a_member | 'rejects helm packages access'       | :not_found
+        :private | :anonymous    | 'rejects helm packages access'       | :unauthorized
+      end
+
+      with_them do
+        let_it_be(:ci_build) { create(:ci_build, project: project, user: user, status: :running) }
+
+        let(:headers) { user_role == :anonymous ? {} : job_basic_auth_header(ci_build) }
+
+        before do
+          project.update!(visibility: visibility.to_s)
+        end
+
+        it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status]
+      end
+    end
+  end
+
+  it_behaves_like 'deploy token for package GET requests'
+
+  it_behaves_like 'rejects helm access with unknown project id' do
+    subject { get api(url) }
+  end
+end
diff --git a/spec/support/shared_examples/requests/api/nuget_packages_shared_examples.rb b/spec/support/shared_examples/requests/api/nuget_packages_shared_examples.rb
index 617fdecbb5b..878cbc10a24 100644
--- a/spec/support/shared_examples/requests/api/nuget_packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/nuget_packages_shared_examples.rb
@@ -136,8 +136,8 @@ RSpec.shared_examples 'process nuget workhorse authorization' do |user_type, sta
   end
 end
 
-RSpec.shared_examples 'process nuget upload' do |user_type, status, add_member = true|
-  RSpec.shared_examples 'creates nuget package files' do
+RSpec.shared_examples 'process nuget upload' do |user_type, status, add_member = true, symbol_package = false|
+  shared_examples 'creates nuget package files' do
     it 'creates package files' do
       expect(::Packages::Nuget::ExtractionWorker).to receive(:perform_async).once
       expect { subject }
@@ -146,7 +146,7 @@ RSpec.shared_examples 'process nuget upload' do |user_type, status, add_member =
       expect(response).to have_gitlab_http_status(status)
 
       package_file = target.packages.last.package_files.reload.last
-      expect(package_file.file_name).to eq('package.nupkg')
+      expect(package_file.file_name).to eq(file_name)
     end
   end
 
@@ -169,7 +169,12 @@ RSpec.shared_examples 'process nuget upload' do |user_type, status, add_member =
       context 'with correct params' do
         it_behaves_like 'package workhorse uploads'
         it_behaves_like 'creates nuget package files'
-        it_behaves_like 'a package tracking event', 'API::NugetPackages', 'push_package'
+
+        if symbol_package
+          it_behaves_like 'a package tracking event', 'API::NugetPackages', 'push_symbol_package'
+        else
+          it_behaves_like 'a package tracking event', 'API::NugetPackages', 'push_package'
+        end
       end
     end
 
@@ -300,6 +305,18 @@ RSpec.shared_examples 'process nuget download content request' do |user_type, st
       it_behaves_like 'rejects nuget packages access', :anonymous, :not_found
     end
 
+    context 'with symbol package' do
+      let(:format) { 'snupkg' }
+
+      it 'returns a valid package archive' do
+        subject
+
+        expect(response.media_type).to eq('application/octet-stream')
+      end
+
+      it_behaves_like 'a package tracking event', 'API::NugetPackages', 'pull_symbol_package'
+    end
+
     context 'with lower case package name' do
       let_it_be(:package_name) { 'dummy.package' }
 
@@ -407,3 +424,114 @@ RSpec.shared_examples 'rejects nuget access with unknown target id' do
     end
   end
 end
+
+RSpec.shared_examples 'nuget authorize upload endpoint' do
+  using RSpec::Parameterized::TableSyntax
+
+  context 'with valid project' do
+    where(:visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
+      'PUBLIC'  | :developer  | true  | true  | 'process nuget workhorse authorization' | :success
+      'PUBLIC'  | :guest      | true  | true  | 'rejects nuget packages access'         | :forbidden
+      'PUBLIC'  | :developer  | true  | false | 'rejects nuget packages access'         | :unauthorized
+      'PUBLIC'  | :guest      | true  | false | 'rejects nuget packages access'         | :unauthorized
+      'PUBLIC'  | :developer  | false | true  | 'rejects nuget packages access'         | :forbidden
+      'PUBLIC'  | :guest      | false | true  | 'rejects nuget packages access'         | :forbidden
+      'PUBLIC'  | :developer  | false | false | 'rejects nuget packages access'         | :unauthorized
+      'PUBLIC'  | :guest      | false | false | 'rejects nuget packages access'         | :unauthorized
+      'PUBLIC'  | :anonymous  | false | true  | 'rejects nuget packages access'         | :unauthorized
+      'PRIVATE' | :developer  | true  | true  | 'process nuget workhorse authorization' | :success
+      'PRIVATE' | :guest      | true  | true  | 'rejects nuget packages access'         | :forbidden
+      'PRIVATE' | :developer  | true  | false | 'rejects nuget packages access'         | :unauthorized
+      'PRIVATE' | :guest      | true  | false | 'rejects nuget packages access'         | :unauthorized
+      'PRIVATE' | :developer  | false | true  | 'rejects nuget packages access'         | :not_found
+      'PRIVATE' | :guest      | false | true  | 'rejects nuget packages access'         | :not_found
+      'PRIVATE' | :developer  | false | false | 'rejects nuget packages access'         | :unauthorized
+      'PRIVATE' | :guest      | false | false | 'rejects nuget packages access'         | :unauthorized
+      'PRIVATE' | :anonymous  | false | true  | 'rejects nuget packages access'         | :unauthorized
+    end
+
+    with_them do
+      let(:token) { user_token ? personal_access_token.token : 'wrong' }
+      let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
+      let(:headers) { user_headers.merge(workhorse_headers) }
+
+      before do
+        update_visibility_to(Gitlab::VisibilityLevel.const_get(visibility_level, false))
+      end
+
+      it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member]
+    end
+  end
+
+  it_behaves_like 'deploy token for package uploads'
+
+  it_behaves_like 'job token for package uploads', authorize_endpoint: true do
+    let_it_be(:job) { create(:ci_build, :running, user: user, project: project) }
+  end
+
+  it_behaves_like 'rejects nuget access with unknown target id'
+
+  it_behaves_like 'rejects nuget access with invalid target id'
+end
+
+RSpec.shared_examples 'nuget upload endpoint' do |symbol_package: false|
+  using RSpec::Parameterized::TableSyntax
+
+  context 'with valid project' do
+    where(:visibility_level, :user_role, :member, :user_token, :shared_examples_name, :expected_status) do
+      'PUBLIC'  | :developer  | true  | true  | 'process nuget upload'          | :created
+      'PUBLIC'  | :guest      | true  | true  | 'rejects nuget packages access' | :forbidden
+      'PUBLIC'  | :developer  | true  | false | 'rejects nuget packages access' | :unauthorized
+      'PUBLIC'  | :guest      | true  | false | 'rejects nuget packages access' | :unauthorized
+      'PUBLIC'  | :developer  | false | true  | 'rejects nuget packages access' | :forbidden
+      'PUBLIC'  | :guest      | false | true  | 'rejects nuget packages access' | :forbidden
+      'PUBLIC'  | :developer  | false | false | 'rejects nuget packages access' | :unauthorized
+      'PUBLIC'  | :guest      | false | false | 'rejects nuget packages access' | :unauthorized
+      'PUBLIC'  | :anonymous  | false | true  | 'rejects nuget packages access' | :unauthorized
+      'PRIVATE' | :developer  | true  | true  | 'process nuget upload'          | :created
+      'PRIVATE' | :guest      | true  | true  | 'rejects nuget packages access' | :forbidden
+      'PRIVATE' | :developer  | true  | false | 'rejects nuget packages access' | :unauthorized
+      'PRIVATE' | :guest      | true  | false | 'rejects nuget packages access' | :unauthorized
+      'PRIVATE' | :developer  | false | true  | 'rejects nuget packages access' | :not_found
+      'PRIVATE' | :guest      | false | true  | 'rejects nuget packages access' | :not_found
+      'PRIVATE' | :developer  | false | false | 'rejects nuget packages access' | :unauthorized
+      'PRIVATE' | :guest      | false | false | 'rejects nuget packages access' | :unauthorized
+      'PRIVATE' | :anonymous  | false | true  | 'rejects nuget packages access' | :unauthorized
+    end
+
+    with_them do
+      let(:token) { user_token ? personal_access_token.token : 'wrong' }
+      let(:user_headers) { user_role == :anonymous ? {} : basic_auth_header(user.username, token) }
+      let(:headers) { user_headers.merge(workhorse_headers) }
+      let(:snowplow_gitlab_standard_context) { { project: project, user: user, namespace: project.namespace } }
+
+      before do
+        update_visibility_to(Gitlab::VisibilityLevel.const_get(visibility_level, false))
+      end
+
+      it_behaves_like params[:shared_examples_name], params[:user_role], params[:expected_status], params[:member], symbol_package
+    end
+  end
+
+  it_behaves_like 'deploy token for package uploads'
+
+  it_behaves_like 'job token for package uploads' do
+    let_it_be(:job) { create(:ci_build, :running, user: user, project: project) }
+  end
+
+  it_behaves_like 'rejects nuget access with unknown target id'
+
+  it_behaves_like 'rejects nuget access with invalid target id'
+
+  context 'file size above maximum limit' do
+    let(:headers) { basic_auth_header(deploy_token.username, deploy_token.token).merge(workhorse_headers) }
+
+    before do
+      allow_next_instance_of(UploadedFile) do |uploaded_file|
+        allow(uploaded_file).to receive(:size).and_return(project.actual_limits.nuget_max_file_size + 1)
+      end
+    end
+
+    it_behaves_like 'returning response status', :bad_request
+  end
+end
diff --git a/spec/support/shared_examples/requests/api/packages_shared_examples.rb b/spec/support/shared_examples/requests/api/packages_shared_examples.rb
index 42c29084d7b..ecde4ee8565 100644
--- a/spec/support/shared_examples/requests/api/packages_shared_examples.rb
+++ b/spec/support/shared_examples/requests/api/packages_shared_examples.rb
@@ -100,7 +100,7 @@ RSpec.shared_examples 'job token for package GET requests' do
   end
 end
 
-RSpec.shared_examples 'job token for package uploads' do |authorize_endpoint: false|
+RSpec.shared_examples 'job token for package uploads' do |authorize_endpoint: false, accept_invalid_username: false|
   context 'with job token headers' do
     let(:headers) { basic_auth_header(::Gitlab::Auth::CI_JOB_USER, job.token).merge(workhorse_headers) }
 
@@ -133,7 +133,11 @@ RSpec.shared_examples 'job token for package uploads' do |authorize_endpoint: fa
     context 'invalid user' do
       let(:headers) { basic_auth_header('foo', job.token).merge(workhorse_headers) }
 
-      it_behaves_like 'returning response status', :unauthorized
+      if accept_invalid_username
+        it_behaves_like 'returning response status', :success
+      else
+        it_behaves_like 'returning response status', :unauthorized
+      end
     end
   end
 end
@@ -143,7 +147,7 @@ RSpec.shared_examples 'a package tracking event' do |category, action|
     stub_feature_flags(collect_package_events: true)
   end
 
-  it "creates a gitlab tracking event #{action}", :snowplow do
+  it "creates a gitlab tracking event #{action}", :snowplow, :aggregate_failures do
     expect { subject }.to change { Packages::Event.count }.by(1)
 
     expect_snowplow_event(category: category, action: action, **snowplow_gitlab_standard_context)