Update Secret Push Protection Spec, capture output
What does this MR do and why?
Update Secret Push Protection Spec, capture output
It is suspected that, when run on Staging, the output of a failed commit is dropped. This updates the run command to allow failure messages to be captured by the test.
See https://gitlab.com/gitlab-org/gitlab/-/issues/469440#note_1982892516
The test can be run and run and run and run locally against Staging and it passes every time. When it runs on Staging itself, the logs capture the expected commit error, but the test does not.
This MR gives the test visibility into the commit error message.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
This test targets environments: Staging, Production and the Canaries (see https://docs.gitlab.com/ee/user/application_security/secret_detection/secret_push_protection/).
From the qa directory, target Staging:
bundle install
GITLAB_QA_USER_AGENT=<USER_AGENT> GITLAB_USERNAME=<USERNAME> GITLAB_QA_ACCESS_TOKEN="<ACCESS_TOKEN>" GITLAB_PASSWORD="<GITLAB_PASSWORD>" QA_DEBUG=true WEBDRIVER_HEADLESS=false bundle exec bin/qa Test::Instance::All https://staging.gitlab.com qa/specs/features/ee/browser_ui/13_secure/secret_push_protection_spec.rb
NOTE: also check the negative case:
Edit the expected result, e.g. line 39 of ./qa/specs/features/ee/browser_ui/13_secure/secret_push_protection_spec.rb
PUSH BLOCKED: Secrets detected in cde changes
Check that the test fails but displays the diff, e.g.
Diff:
@@ -1,2 +1,12 @@
-/.*(PUSH BLOCKED: Secrets detected in cde changes )[\s\S]*(Secret push protection found the following secrets in commit)[\s\S]*(GitLab Personal Access Token)[\s\S]*(To push your changes you must remove the identified secrets.)/
+remote: GitLab:
+remote: PUSH BLOCKED: Secrets detected in code changes
+remote:
+remote: Secret push protection found the following secrets in commit: 3607c5f560d4719f88a8163750973b1a382c0edc
+remote: -- new-file:1 | GitLab Personal Access Token
+remote:
+remote: To push your changes you must remove the identified secrets.
+remote: For guidance, see https://staging.gitlab.com/help/user/application_security/secret_detection/secret_push_protection/index.html#resolve-a-blocked-push
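An added illustration, not code from this MR or from the GitLab QA framework: it shows one way a rejected push's message can be invisible to a test (capturing stdout only) and how merging stderr into the captured output, without raising on a non-zero exit, lets the expectation match. The helper names, the constructed stand-in for `git push`, and the assumption that the message arrives on stderr are hypothetical.

```ruby
require 'open3'

# Same structure as the expectation in the diff above, with the text the
# server actually returns ("code changes").
BLOCKED_PUSH = /(PUSH BLOCKED: Secrets detected in code changes)[\s\S]*(Secret push protection found the following secrets in commit)[\s\S]*(GitLab Personal Access Token)[\s\S]*(To push your changes you must remove the identified secrets\.)/

# Constructed stand-in for a rejected `git push`: writes "remote:" lines to
# stderr and exits non-zero. <COMMIT_SHA> is a placeholder.
FAKE_REJECTED_PUSH = <<~'SH'
  cat >&2 <<'EOF'
  remote: GitLab:
  remote: PUSH BLOCKED: Secrets detected in code changes
  remote:
  remote: Secret push protection found the following secrets in commit: <COMMIT_SHA>
  remote: -- new-file:1 | GitLab Personal Access Token
  remote:
  remote: To push your changes you must remove the identified secrets.
  EOF
  exit 1
SH

# Hypothetical helper: captures stdout only, so anything the command writes
# to stderr never reaches the caller.
def run_stdout_only(script)
  out, status = Open3.capture2('sh', '-c', script, err: File::NULL)
  [out, status.success?]
end

# Hypothetical helper: merges stderr into the captured output and returns it
# together with the exit status instead of raising on failure.
def run_capturing_failure(script)
  out, status = Open3.capture2e('sh', '-c', script)
  [out, status.success?]
end

# True when the captured output contains the full push-protection message.
def blocked_push?(output)
  BLOCKED_PUSH.match?(output)
end
```
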