1 files changed, 45 insertions, 34 deletions

diff --git a/qa/qa/specs/features/repository/protected_branches_spec.rb b/qa/qa/specs/features/repository/protected_branches_spec.rb
index 406b2772b64..c5b8c271d7d 100644
--- a/qa/qa/specs/features/repository/protected_branches_spec.rb
+++ b/qa/qa/specs/features/repository/protected_branches_spec.rb
@@ -7,63 +7,74 @@ module QA
         resource.name = 'protected-branch-project'
       end
     end
-    given(:location) do
-      Page::Project::Show.act do
-        choose_repository_clone_http
-        repository_location
-      end
-    end
 
     before do
       Runtime::Browser.visit(:gitlab, Page::Main::Login)
       Page::Main::Login.act { sign_in_using_credentials }
     end
 
-    after do
+    after do |example|
       # We need to clear localStorage because we're using it for the dropdown,
       # and capybara doesn't do this for us.
       # https://github.com/teamcapybara/capybara/issues/1702
       Capybara.execute_script 'localStorage.clear()'
+
+      # In order to help diagnose a false failure
+      # https://gitlab.com/gitlab-org/gitlab-ce/issues/48241
+      log_push_output if example.exception
     end
 
-    scenario 'user is able to protect a branch' do
-      protected_branch = Factory::Resource::Branch.fabricate! do |resource|
-        resource.branch_name = branch_name
-        resource.project = project
-        resource.allow_to_push = true
-        resource.protected = true
+    context 'when developers and maintainers are allowed to push to a protected branch' do
+      let!(:protected_branch) { create_protected_branch(allow_to_push: true) }
+
+      scenario 'user with push rights successfully pushes to the protected branch' do
+        expect(protected_branch.name).to have_content(branch_name)
+        expect(protected_branch.push_allowance).to have_content('Developers + Maintainers')
+
+        @push = push_new_file(branch_name)
+
+        expect(@push.output).to match(/remote: To create a merge request for protected-branch, visit/)
       end
+    end
+
+    context 'when developers and maintainers are not allowed to push to a protected branch' do
+      scenario 'user without push rights fails to push to the protected branch' do
+        create_protected_branch(allow_to_push: false)
+
+        @push = push_new_file(branch_name)
 
-      expect(protected_branch.name).to have_content(branch_name)
-      expect(protected_branch.push_allowance).to have_content('Developers + Masters')
+        expect(@push.output)
+          .to match(/remote\: GitLab\: You are not allowed to push code to protected branches on this project/)
+        expect(@push.output)
+          .to match(/\[remote rejected\] #{branch_name} -> #{branch_name} \(pre-receive hook declined\)/)
+      end
     end
 
-    scenario 'users without authorization cannot push to protected branch' do
+    def create_protected_branch(allow_to_push:)
       Factory::Resource::Branch.fabricate! do |resource|
         resource.branch_name = branch_name
         resource.project = project
-        resource.allow_to_push = false
+        resource.allow_to_push = allow_to_push
         resource.protected = true
       end
+    end
 
-      project.visit!
-
-      Git::Repository.perform do |repository|
-        repository.uri = location.uri
-        repository.use_default_credentials
-
-        repository.act do
-          clone
-          configure_identity('GitLab QA', 'root@gitlab.com')
-          checkout('protected-branch')
-          commit_file('README.md', 'readme content', 'Add a readme')
-          push_changes('protected-branch')
-        end
+    def push_new_file(branch)
+      Factory::Repository::ProjectPush.fabricate! do |resource|
+        resource.project = project
+        resource.file_name = 'new_file.md'
+        resource.file_content = '# This is a new file'
+        resource.commit_message = 'Add new_file.md'
+        resource.branch_name = branch_name
+        resource.new_branch = false
+      end
+    end
 
-        expect(repository.push_error)
-          .to match(/remote\: GitLab\: You are not allowed to push code to protected branches on this project/)
-        expect(repository.push_error)
-          .to match(/\[remote rejected\] #{branch_name} -> #{branch_name} \(pre-receive hook declined\)/)
+    def log_push_output
+      if defined?(@push)
+        filename = File.join('tmp', "push-output-#{project.name}")
+        puts "Exception detected. Push output will be saved to #{filename}"
+        IO.binwrite(filename, @push.output)
       end
     end
   end