spec/support/shared_examples/services/security/ci_configuration/create_service_shared_examples.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165

# frozen_string_literal: true

require 'spec_helper'

RSpec.shared_examples_for 'services security ci configuration create service' do |skip_w_params|
  let_it_be(:project) { create(:project, :repository) }
  let_it_be(:user) { create(:user) }

  describe '#execute' do
    let(:params) { {} }

    context 'user does not belong to project' do
      it 'returns an error status' do
        expect(result.status).to eq(:error)
        expect(result.payload[:success_path]).to be_nil
      end

      it 'does not track a snowplow event' do
        subject

        expect_no_snowplow_event
      end
    end

    context 'user belongs to project' do
      before do
        project.add_developer(user)
      end

      it 'does track the snowplow event' do
        subject

        expect_snowplow_event(**snowplow_event)
      end

      it 'raises exception if the user does not have permission to create a new branch' do
        allow(project).to receive(:repository).and_raise(Gitlab::Git::PreReceiveError, "You are not allowed to create protected branches on this project.")

        expect { subject }.to raise_error(Gitlab::Git::PreReceiveError)
      end

      context 'when exception is raised' do
        let_it_be(:project) { create(:project, :repository) }

        before do
          allow(project.repository).to receive(:add_branch).and_raise(StandardError, "The unexpected happened!")
        end

        context 'when branch was created' do
          before do
            allow(project.repository).to receive(:branch_exists?).and_return(true)
          end

          it 'tries to rm branch' do
            expect(project.repository).to receive(:rm_branch).with(user, branch_name)
            expect { subject }.to raise_error(StandardError)
          end
        end

        context 'when branch was not created' do
          before do
            allow(project.repository).to receive(:branch_exists?).and_return(false)
          end

          it 'does not try to rm branch' do
            expect(project.repository).not_to receive(:rm_branch)
            expect { subject }.to raise_error(StandardError)
          end
        end
      end

      context 'with no parameters' do
        it 'returns the path to create a new merge request' do
          expect(result.status).to eq(:success)
          expect(result.payload[:success_path]).to match(/#{Gitlab::Routing.url_helpers.project_new_merge_request_url(project, {})}(.*)description(.*)source_branch/)
        end
      end

      context 'when the project has a non-default ci config file' do
        before do
          project.ci_config_path = 'non-default/.gitlab-ci.yml'
        end

        it 'does track the snowplow event' do
          subject

          expect_snowplow_event(**snowplow_event)
        end
      end

      context 'when existing ci config contains anchors/aliases' do
        let(:params) { {} }
        let(:unsupported_yaml) do
          <<-YAML
          image: python:latest

          cache: &global_cache
            key: 'common-cache'
            paths:
              - .cache/pip
              - venv/

          test:
            cache:
              <<: *global_cache
              key: 'custom-cache'
            script:
              - python setup.py test
              - pip install tox flake8  # you can also use tox
              - tox -e py36,flake8
          YAML
        end

        it 'fails with error' do
          expect(project).to receive(:ci_config_for).and_return(unsupported_yaml)

          expect { result }.to raise_error(Gitlab::Graphql::Errors::MutationError, '.gitlab-ci.yml with aliases/anchors is not supported. Please change the CI configuration manually.')
        end
      end

      context 'when parsing existing ci config gives a Psych error' do
        let(:params) { {} }
        let(:invalid_yaml) do
          <<-YAML
          image: python:latest

          test:
            script:
              - python setup.py test
              - pip install tox flake8  # you can also use tox
              - tox -e py36,flake8
          YAML
        end

        it 'fails with error' do
          expect(project).to receive(:ci_config_for).and_return(invalid_yaml)
          expect(YAML).to receive(:safe_load).and_raise(Psych::Exception)

          expect { result }.to raise_error(Gitlab::Graphql::Errors::MutationError, /merge request creation mutation failed/)
        end
      end

      context 'when parsing existing ci config gives any other error' do
        let(:params) { {} }
        let_it_be(:repository) { project.repository }

        it 'is successful' do
          expect(repository).to receive(:root_ref_sha).and_raise(StandardError)
          expect(result.status).to eq(:success)
        end
      end

      unless skip_w_params
        context 'with parameters' do
          let(:params) { non_empty_params }

          it 'returns the path to create a new merge request' do
            expect(result.status).to eq(:success)
            expect(result.payload[:success_path]).to match(/#{Gitlab::Routing.url_helpers.project_new_merge_request_url(project, {})}(.*)description(.*)source_branch/)
          end
        end
      end
    end
  end
end