Diffstat (limited to 'app/services/security')
6 files changed, 42 insertions, 9 deletions
diff --git a/app/services/security/ci_configuration/base_create_service.rb b/app/services/security/ci_configuration/base_create_service.rb
index 7f3b66d40e1..aaa850fde39 100644
--- a/app/services/security/ci_configuration/base_create_service.rb
+++ b/app/services/security/ci_configuration/base_create_service.rb
@@ -3,7 +3,7 @@
 module Security
 module CiConfiguration
 class BaseCreateService
- attr_reader :branch_name, :current_user, :project
+ attr_reader :branch_name, :current_user, :project, :name
 def initialize(project, current_user)
 @project = project
@@ -41,8 +41,18 @@ module Security
 end
 def existing_gitlab_ci_content
- @gitlab_ci_yml ||= project.ci_config_for(project.repository.root_ref_sha)
+ root_ref = root_ref_sha(project)
+ return if root_ref.nil?
+
+ @gitlab_ci_yml ||= project.ci_config_for(root_ref)
 YAML.safe_load(@gitlab_ci_yml) if @gitlab_ci_yml
+ rescue Psych::BadAlias
+ raise Gitlab::Graphql::Errors::MutationError,
+ ".gitlab-ci.yml with aliases/anchors is not supported. Please change the CI configuration manually."
+ rescue Psych::Exception => e
+ Gitlab::AppLogger.error("Failed to process existing .gitlab-ci.yml: #{e.message}")
+ raise Gitlab::Graphql::Errors::MutationError,
+ "#{name} merge request creation mutation failed"
 end
 def successful_change_path
@@ -61,6 +71,15 @@ module Security
 self.class.to_s, action[:action], label: action[:default_values_overwritten].to_s
 )
 end
+
+ def root_ref_sha(project)
+ project.repository.root_ref_sha
+ rescue StandardError => e
+ # this might fail on the very first commit,
+ # and unfortunately it raises a StandardError
+ Gitlab::ErrorTracking.track_exception(e, project_id: project.id)
+ nil
+ end
 end
 end
 end
diff --git a/app/services/security/ci_configuration/container_scanning_create_service.rb b/app/services/security/ci_configuration/container_scanning_create_service.rb
index da2f1ac0981..4dfd05451ad 100644
--- a/app/services/security/ci_configuration/container_scanning_create_service.rb
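Review bot: In the `rescue Psych::Exception` branch of `existing_gitlab_ci_content`, the parse failure goes to `Gitlab::AppLogger` with only `e.message`, so the entry cannot be tied to a project, and that message is derived from a repository-controlled `.gitlab-ci.yml`. The `root_ref_sha` helper added further down in this file already reports through `Gitlab::ErrorTracking.track_exception(e, project_id: project.id)`; using the same call here would keep the two failure paths consistent and give responders the project context. Separately, `"#{name} merge request creation mutation failed"` relies on every subclass overriding `name`: the new `attr_reader :name` reads an `@name` that is not assigned anywhere in the visible lines, so a subclass without the override would produce a message with an empty prefix. A base-class `name` that raises `NotImplementedError` would make that omission visible.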
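Review bot: The `rescue StandardError` in `root_ref_sha` turns every failure of `project.repository.root_ref_sha` into `nil`, not only the first-commit case named in the comment, and `existing_gitlab_ci_content` then returns early as if the project had no `.gitlab-ci.yml`. If the lookup fails for another reason, the service would presumably build its configuration without the existing file's content, which could drop jobs already defined there. Consider guarding the empty-repository case explicitly, for example `return if project.empty_repo?` before the lookup, and letting other errors propagate, or rescuing only the error class actually seen on an empty repository. The `project` parameter also shadows the `project` reader on the class and could be dropped.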
+++ b/app/services/security/ci_configuration/container_scanning_create_service.rb
@@ -21,6 +21,10 @@ module Security
 def description
 _('Configure Container Scanning in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings) to customize Container Scanning settings.')
 end
+
+ def name
+ 'Container Scanning'
+ end
 end
 end
 end
diff --git a/app/services/security/ci_configuration/dependency_scanning_create_service.rb b/app/services/security/ci_configuration/dependency_scanning_create_service.rb
index b11eccc680c..66dd76c4b5d 100644
--- a/app/services/security/ci_configuration/dependency_scanning_create_service.rb
+++ b/app/services/security/ci_configuration/dependency_scanning_create_service.rb
@@ -21,6 +21,10 @@ module Security
 def description
 _('Configure Dependency Scanning in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings) to customize Dependency Scanning settings.')
 end
+
+ def name
+ 'Dependency Scanning'
+ end
 end
 end
 end
diff --git a/app/services/security/ci_configuration/sast_create_service.rb b/app/services/security/ci_configuration/sast_create_service.rb
index d78e22f1fe1..643cb7f89dc 100644
--- a/app/services/security/ci_configuration/sast_create_service.rb
+++ b/app/services/security/ci_configuration/sast_create_service.rb
@@ -20,13 +20,7 @@ module Security
 end
 def action
- existing_content = begin
- existing_gitlab_ci_content # this can fail on the very first commit
- rescue StandardError
- nil
- end
-
- Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_content, project.ci_config_path).generate
+ Security::CiConfiguration::SastBuildAction.new(project.auto_devops_enabled?, params, existing_gitlab_ci_content, project.ci_config_path).generate
 end
 def next_branch
@@ -40,6 +34,10 @@ module Security
 def description
 _('Configure SAST in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) to customize SAST settings.')
 end
+
+ def name
+ 'SAST'
+ end
 end
 end
 end
diff --git a/app/services/security/ci_configuration/sast_iac_create_service.rb b/app/services/security/ci_configuration/sast_iac_create_service.rb
index fbc65484216..61bbebd77d0 100644
--- a/app/services/security/ci_configuration/sast_iac_create_service.rb
+++ b/app/services/security/ci_configuration/sast_iac_create_service.rb
@@ -21,6 +21,10 @@ module Security
 def description
 _('Configure SAST IaC in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) to customize SAST IaC settings.')
 end
+
+ def name
+ 'SAST IaC'
+ end
 end
 end
 end
diff --git a/app/services/security/ci_configuration/secret_detection_create_service.rb b/app/services/security/ci_configuration/secret_detection_create_service.rb
index ca5138b6ed6..792fe4986e9 100644
--- a/app/services/security/ci_configuration/secret_detection_create_service.rb
+++ b/app/services/security/ci_configuration/secret_detection_create_service.rb
@@ -21,6 +21,10 @@ module Security
 def description
 _('Configure Secret Detection in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings) to customize Secret Detection settings.')
 end
+
+ def name
+ 'Secret Detection'
+ end
 end
 end
 end |