Refactor AST templates specs

Olivier Gonzalezrequested to merge
refactor_AST_template_specs into 410880-MR-pipelines-support-in-AST-CI-templates

What does this MR do and why?

Refactor the specs for AST CI/CD templates to

  • remove outdated specs
  • increase coverage by adding missing specs
  • fix broken specs (false negatives)
  • reorganize tests structure
  • optimize test setup (limit record creation with let_it_be and before(:context)
  • assign proper feature category
  • add shared_context and shared_examples to reduce duplication accross spec files

Specs related to deprecated templates have not been modified.

Tests structure

The template spec usually follows this structure:

  • without and with required stage (dast only)
  • without license
  • with Ultimate license
    • default branch pipeline
      • has proper jobs and variables defined?
    • feature branch pipeline
      • has proper jobs and variables defined?
    • MR pipeline
      • has proper jobs and variables defined?

There are additional test cases specific to some templates, and for instance SAST and Dependency Scanning have an exhaustively tested file detection system using rules:exists.

The purpose of this structure is to ensure we limit the creation of records during the setup by:

  • First, instantiating a project (with the required files when relevant)
  • then creating the necessary setup to trigger the desired type of pipeline
  • then executing all test cases within that scenario

Some test cases are voluntarily limited to the default branch pipeline for simplicity and saving time as other pipeline types don't influence them.

Performance

The new test structure and the optimized test setup allow to cut the execution time in half! 🏃

BEFORE (master):

bundle exec spring rspec ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb ee/spec/lib/gitlab/ci/templates/Security/bas_latest_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/api_discovery_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/api_fuzzing_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/api_fuzzing_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/api_security_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/api_security_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/container_scanning_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/container_scanning_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/coverage_fuzzing_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/coverage_fuzzing_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dast_api_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dast_api_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dast_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dast_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dependency_scanning_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dependency_scanning_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/sast_iac_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/sast_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/secret_detection_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/secret_detection_latest_gitlab_ci_yaml_spec.rb ee/spec/services/security/security_orchestration_policies/ci_action/template_spec.rb

Test environment set up in 2.06504 seconds
Finished in 14 minutes 19 seconds (files took 4.56 seconds to load)
1311 examples, 0 failures

AFTER (this MR):

bundle exec spring rspec ee/spec/lib/gitlab/ci/config/security_orchestration_policies/processor_spec.rb ee/spec/lib/gitlab/ci/templates/Security/bas_latest_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/api_discovery_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/api_fuzzing_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/api_fuzzing_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/api_security_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/api_security_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/container_scanning_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/container_scanning_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/coverage_fuzzing_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/coverage_fuzzing_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dast_api_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dast_api_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dast_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dast_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dependency_scanning_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/dependency_scanning_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/sast_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/sast_iac_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/sast_iac_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/sast_latest_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/secret_detection_gitlab_ci_yaml_spec.rb ee/spec/lib/gitlab/ci/templates/secret_detection_latest_gitlab_ci_yaml_spec.rb ee/spec/services/security/security_orchestration_policies/ci_action/template_spec.rb

Test environment set up in 2.07699 seconds

Finished in 8 minutes 30 seconds (files took 4.46 seconds to load)
1404 examples, 0 failures

References

Screenshots or screen recordings

Before After

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Olivier Gonzalez

Merge request reports