1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Projects::Ci::LintsController, feature_category: :pipeline_composition do
include StubRequests
let_it_be(:project) { create(:project, :repository) }
let_it_be(:user) { create(:user) }
before do
sign_in(user)
end
describe 'GET #show' do
context 'with enough privileges' do
before do
project.add_developer(user)
get :show, params: { namespace_id: project.namespace, project_id: project }
end
it { expect(response).to have_gitlab_http_status(:ok) }
it 'renders show page' do
expect(response).to render_template :show
end
it 'retrieves project' do
expect(assigns(:project)).to eq(project)
end
end
context 'without enough privileges' do
before do
project.add_guest(user)
get :show, params: { namespace_id: project.namespace, project_id: project }
end
it 'responds with 404' do
expect(response).to have_gitlab_http_status(:not_found)
end
end
end
describe 'POST #create' do
subject { post :create, params: params }
let(:params) { { namespace_id: project.namespace, project_id: project, content: content, format: :json } }
let(:remote_file_path) { 'https://gitlab.com/gitlab-org/gitlab-foss/blob/1234/.gitlab-ci-1.yml' }
let(:parsed_body) { Gitlab::Json.parse(response.body) }
let(:remote_file_content) do
<<~HEREDOC
before_script:
- apt-get update -qq && apt-get install -y -qq sqlite3 libsqlite3-dev nodejs
- ruby -v
- which ruby
- bundle install --jobs $(nproc) "${FLAGS[@]}"
HEREDOC
end
let(:content) do
<<~HEREDOC
include:
- #{remote_file_path}
rubocop:
script:
- bundle exec rubocop
HEREDOC
end
shared_examples 'returns a successful validation' do
before do
subject
end
it 'returns successfully' do
expect(response).to have_gitlab_http_status :ok
end
it 'renders json' do
expect(response.media_type).to eq 'application/json'
expect(parsed_body).to include('errors', 'warnings', 'jobs', 'valid')
expect(parsed_body).to match_schema('entities/lint_result_entity')
end
it 'retrieves project' do
expect(assigns(:project)).to eq(project)
end
end
context 'with a valid gitlab-ci.yml' do
before do
stub_full_request(remote_file_path).to_return(body: remote_file_content)
project.add_developer(user)
end
it_behaves_like 'returns a successful validation'
context 'using legacy validation (YamlProcessor)' do
it_behaves_like 'returns a successful validation'
it 'runs validations through YamlProcessor' do
expect(Gitlab::Ci::YamlProcessor).to receive(:new).and_call_original
subject
end
end
context 'using dry_run mode' do
subject { post :create, params: params.merge(dry_run: 'true') }
it_behaves_like 'returns a successful validation'
it 'runs validations through Ci::CreatePipelineService' do
expect(Ci::CreatePipelineService)
.to receive(:new)
.with(project, user, ref: 'master')
.and_call_original
subject
end
end
end
context 'with an invalid gitlab-ci.yml' do
let(:content) do
<<~HEREDOC
rubocop:
scriptt:
- bundle exec rubocop
HEREDOC
end
before do
project.add_developer(user)
subject
end
it_behaves_like 'returns a successful validation'
it 'assigns result with errors' do
expect(parsed_body['errors']).to match_array(
[
'jobs rubocop config should implement the script:, run:, or trigger: keyword',
'jobs config should contain at least one visible job'
])
end
context 'with dry_run mode' do
subject { post :create, params: params.merge(dry_run: 'true') }
it 'assigns result with errors' do
expect(
parsed_body['errors']
).to match_array(['jobs rubocop config should implement the script:, run:, or trigger: keyword'])
end
it_behaves_like 'returns a successful validation'
end
end
context 'when the current user cannot run pipelines at all' do
before do
project.add_guest(user)
end
it 'responds with a 404' do
post :create, params: { namespace_id: project.namespace, project_id: project, content: content }
expect(response).to have_gitlab_http_status(:not_found)
end
end
context 'when the current user cannot run pipelines on protected branches' do
# The create action lints the given CI config as if it was on the default branch.
# The default branch is protected by default, which means it can access protected variables.
# Developers don't have permission to access protected variables,
# so we can't allow them to use this endpoint.
let(:content) do
<<~HEREDOC
include:
- #{remote_file_path}
rubocop:
script:
- bundle exec rubocop
HEREDOC
end
let(:remote_file_path) { 'https://test.example.com/${SECRET_TOKEN}.yml' }
before do
project.add_developer(user)
sha = project.repository.commit.sha # this is always the sha used by this endpoint for linting
ref = Gitlab::Ci::RefFinder.new(project).find_by_sha(sha)
create(:protected_branch, name: ref, project: project)
create(:ci_variable, key: 'SECRET_TOKEN', value: 'secret!!!!!', project: project, protected: true)
end
it 'does not expand protected variables' do
post :create, params: { namespace_id: project.namespace, project_id: project, content: content }
expect(parsed_body['errors']).to match_array([
'Included file `https://test.example.com/.yml` does not have YAML extension!'
])
end
end
end
end
|
