stacklok
Test use case vulnerability check
Write an integration test covering the code path that goes from Minder receiving a webhook event to Minder opening a PR.
The test should cover
- webhook handler
- transmission of the event through watermill from the handler to the executor (preferably via Postgres)
- execution of the desired ingestion engine
- execution of the desired evaluation engine
- execution of the desired remediation engine
The test should check that a PR comment with the expected content is created.
Acceptance criteria
Given a profile test exists
Given profile test has a rule of type pr_vulnerability_check
Given the rule pr_vulnerability_check in profile test is configured to block vulnerable dependencies
When I receive a webhook event about a new PR
And the PR adds a malicious dependency
Then a review comment is added to the PR
Then a record exists in history with status failed
Given a profile test exists
Given profile test has a rule of type pr_vulnerability_check
Given the rule pr_vulnerability_check in profile test is configured to summarize malicious dependencies
When I receive a webhook event about a new PR
And the PR adds a malicious dependency
Then a comment is added to the PR
Then a record exists in history with status failed
Given a profile test exists
Given profile test has a rule of type pr_vulnerability_check
Given the rule pr_vulnerability_check in profile test is configured to profile malicious dependencies
When I receive a webhook event about a new PR
And the PR adds a malicious dependency
Then a record exists in history with status failed
