# frozen_string_literal: true
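module Security
  module CiConfiguration
    # Commits a generated SAST `.gitlab-ci.yml` change to a new branch and
    # returns a URL for opening a merge request from that branch.
    #
    # Flow, as implemented below: build the commit actions from the project's
    # current `.gitlab-ci.yml`, create the branch, commit the actions to it
    # through Files::MultiService, then add :success_path or :errors to the
    # service result.
    #
    # NOTE(review): no permission check is visible in this class. It relies on
    # its caller and on the services it invokes to authorize `current_user`;
    # confirm that the direct `repository.add_branch` call is covered as well.
    class SastCreateService < ::BaseService
      # @param project the project whose CI configuration is changed
      # @param current_user the user the branch and commit are created as
      # @param params SAST settings, forwarded unchanged to SastBuildActions
      def initialize(project, current_user, params)
        @project = project
        @current_user = current_user
        @params = params
        # The branch name comes from a fixed prefix, never from `params`.
        @branch_name = @project.repository.next_branch('set-sast-config')
      end

      # Runs the change.
      #
      # @return [Hash] the Files::MultiService result, with :success_path added
      #   on success or :errors (copied from :message) on failure; for rescued
      #   errors, `{ status: :error, errors: <exception message> }`.
      def execute
        attributes_for_commit = attributes
        result = ::Files::MultiService.new(@project, @current_user, attributes_for_commit).execute

        if result[:status] == :success
          result[:success_path] = successful_change_path
          track_event(attributes_for_commit)
        else
          # NOTE(review): the branch created in #attributes is not removed on
          # this path (or when an exception is raised after it was created), so
          # a failed run can leave an empty branch behind.
          result[:errors] = result[:message]
        end

        result
      rescue Gitlab::Git::PreReceiveError => e
        { status: :error, errors: e.message }
      rescue Psych::Exception => e
        # The existing .gitlab-ci.yml is repository content. When it is
        # malformed, or uses anchors/aliases or tags that safe_load rejects,
        # Psych raises; report that like any other failure instead of letting
        # it escape as an unhandled exception. The file is parsed before the
        # branch is created, so nothing has been written at this point.
        { status: :error, errors: e.message }
      end

      private

      # Builds the Files::MultiService attributes and, as a side effect,
      # creates the target branch.
      #
      # @return [Hash] commit message, branch names and file actions
      def attributes
        actions = Security::CiConfiguration::SastBuildActions.new(@project.auto_devops_enabled?, @params, existing_gitlab_ci_content).generate

        # Third argument is presumably the ref the branch starts from - confirm
        # against Repository#add_branch.
        @project.repository.add_branch(@current_user, @branch_name, @project.default_branch)
        message = _('Set .gitlab-ci.yml to enable or configure SAST')

        {
          commit_message: message,
          branch_name: @branch_name,
          start_branch: @branch_name,
          actions: actions
        }
      end

      # Parses the project's current `.gitlab-ci.yml` at the root ref.
      #
      # The content is controlled by whoever can push to the repository, so it
      # is parsed with `YAML.safe_load` and its defaults (no extra permitted
      # classes, aliases disabled). Keep it that way: `YAML.load` /
      # `unsafe_load` would allow object deserialization, and enabling aliases
      # would allow alias-expansion payloads.
      #
      # @return [Object, nil] the parsed document, or nil when no file content
      #   was returned
      # @raise [Psych::Exception] on malformed or disallowed YAML (rescued in
      #   #execute)
      def existing_gitlab_ci_content
        gitlab_ci_yml = @project.repository.gitlab_ci_yml_for(@project.repository.root_ref_sha)
        YAML.safe_load(gitlab_ci_yml) if gitlab_ci_yml
      end

      # Builds the "new merge request" URL for the created branch, with a
      # fixed, translated description.
      #
      # @return [String] URL from the project's routing helpers
      def successful_change_path
        description = _('Set .gitlab-ci.yml to enable or configure SAST security scanning using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings) to customize SAST settings.')
        merge_request_params = { source_branch: @branch_name, description: description }
        Gitlab::Routing.url_helpers.project_new_merge_request_url(@project, merge_request: merge_request_params)
      end

      # Records a tracking event for the first generated action.
      #
      # @param attributes_for_commit [Hash] the hash returned by #attributes
      def track_event(attributes_for_commit)
        # Assumes SastBuildActions#generate returned at least one action;
        # `action` would be nil otherwise - TODO confirm.
        action = attributes_for_commit[:actions].first

        Gitlab::Tracking.event(
          self.class.to_s, action[:action], label: action[:default_values_overwritten].to_s
        )
      end
    end
  end
end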