Scan execution create pipeline

b8404fd8 · Marcos Rocha · 99a2a51a · b8404fd8
Verified Commit b8404fd8 authored 1 year ago by Marcos Rocha
--- a/lib/gitlab/ci/pipeline/chain/config/content.rb
+++ b/lib/gitlab/ci/pipeline/chain/config/content.rb
@@ -10,14 +10,14 @@ class Content < Chain::Base
            include ::Gitlab::Utils::StrongMemoize

            def perform!
-              puts '########create_pipelines Content perform!########'
-              #logger.info('########Here########')
-
              if pipeline_config&.exists?
-                @pipeline.build_pipeline_config(content: pipeline_config.content)
-                @command.config_content = pipeline_config.content
-                @pipeline.config_source = pipeline_config.source
-                @command.pipeline_config = pipeline_config
+                config = pipeline_config
+                config = merge_security_policies(config) if security_policies_enabled?
+                build_pipeline_config(config)
+              elsif security_policies_enabled?
+                security_policies_config = {}
+                security_policies_config = merge_security_policies(security_policies_config)
+                build_pipeline_config(security_policies_config)
              else
                error('Missing CI config file')
              end
@@ -29,6 +29,24 @@ def break?

            private

+            def build_pipeline_config(pipeline_config)
+              @pipeline.build_pipeline_config(content: pipeline_config.content)
+              @command.config_content = pipeline_config.content
+              @pipeline.config_source = pipeline_config.source
+              @command.pipeline_config = pipeline_config
+            end
+
+            def security_policies_enabled?
+              Feature.enabled?(:scan_execution_policy_pipeline, project) && project&.feature_available?(:security_orchestration_policies)
+            end
+
+            def merge_security_policies(config)
+              ::Gitlab::Ci::Config::SecurityOrchestrationPolicies::Processor.new(config,
+                project,
+                @pipeline.ref,
+                pipeline_config.source).perform
+            end
+
            def pipeline_config
              strong_memoize(:pipeline_config) do
                ::Gitlab::Ci::ProjectConfig.new(