# frozen_string_literal: true

require 'spec_helper'

describe ReleaseTools::PatchRelease::SecurityIssue do
  let(:crawler) do
    instance_spy(
      ReleaseTools::Security::IssueCrawler,
      related_security_issues: [create(:issue)]
    )
  end

  let(:versions) do
    [
      ReleaseTools::Version.new('12.7.4'),
      ReleaseTools::Version.new('12.6.6'),
      ReleaseTools::Version.new('12.5.9')
    ]
  end

  let(:helm_version_finder) { instance_double(ReleaseTools::Helm::HelmVersionFinder) }

  before do
    coordinator = instance_double(
      ReleaseTools::PatchRelease::Coordinator,
      versions: versions
    )

    allow(ReleaseTools::PatchRelease::Coordinator)
      .to receive(:new)
      .and_return(coordinator)

    allow(ReleaseTools::Security::IssueCrawler)
      .to receive(:new)
      .and_return(crawler)

    allow(ReleaseTools::Helm::HelmVersionFinder)
      .to receive(:new)
      .and_return(helm_version_finder)

    allow(helm_version_finder).to receive(:execute).with('12.7.4').and_return('1.3.4')
    allow(helm_version_finder).to receive(:execute).with('12.6.6').and_return('1.4.5')
    allow(helm_version_finder).to receive(:execute).with('12.5.9').and_return('1.5.6')
  end

  subject(:issue) { described_class.new }

  it_behaves_like 'issuable #initialize'

  describe '#title' do
    context 'with a regular patch release' do
      it 'includes all the versions' do
        expect(issue.title).to eq('Patch release: 12.7.4, 12.6.6, 12.5.9')
      end
    end

    context 'with a critical patch release' do
      it 'includes the critical part' do
        allow(ReleaseTools::SharedStatus)
          .to receive(:critical_patch_release?)
          .and_return(true)

        expect(issue.title).to eq('Critical patch release: 12.7.4, 12.6.6, 12.5.9')
      end
    end
  end

  describe '#confidential?' do
    it 'is always confidential' do
      expect(issue).to be_confidential
    end
  end

  describe '#labels' do
    it 'includes the "security" label' do
      expect(issue.labels).to eq 'Monthly Release,security'
    end
  end

  describe '#description' do
    let(:tracking_issue) { build(:issue, web_url: 'http://example.com') }
    let(:security_release_pipeline) { build(:issue, web_url: 'http://example.com') }

    before do
      allow(issue).to receive_messages(security_release_tracking_issue: tracking_issue, release_pipeline: security_release_pipeline)
    end

    it 'includes a step to perform a patch release' do
      content = issue.description

      expect(content).to include 'Start the `security_release_release_preparation:start` job of the security pipeline'
    end

    it 'includes a step to publish the packages' do
      content = issue.description

      expect(content).to include 'Start the `security_release_publish:start` job of the security pipeline'
    end

    it 'includes the correct instance for packages' do
      content = issue.description

      expect(content).to include 'release.gitlab.net'
    end

    it 'returns Helm versions' do
      content = issue.description

      expect(content).to include 'https://dev.gitlab.org/gitlab/charts/gitlab/-/pipelines/?ref=v1.3.4'
      expect(content).to include 'https://dev.gitlab.org/gitlab/charts/gitlab/-/pipelines/?ref=v1.4.5'
      expect(content).to include 'https://dev.gitlab.org/gitlab/charts/gitlab/-/pipelines/?ref=v1.5.6'
    end
  end

  describe '#version' do
    it 'returns the highest version' do
      expect(issue.version).to eq('12.7.4')
    end

    context 'with unsorted versions' do
      let(:versions) do
        [
          ReleaseTools::Version.new('12.6.6'),
          ReleaseTools::Version.new('12.7.4'),
          ReleaseTools::Version.new('12.5.9')
        ]
      end

      it 'returns the highest version' do
        expect(issue.version).to eq('12.7.4')
      end
    end
  end

  describe '#critical?' do
    context 'with a regular patch release' do
      it { is_expected.not_to be_critical }
    end

    context 'with a critical patch release' do
      before do
        allow(ReleaseTools::SharedStatus)
          .to receive(:critical_patch_release?)
          .and_return(true)
      end

      it { is_expected.to be_critical }
    end
  end

  describe '#regular?' do
    context 'with a regular patch release' do
      it { is_expected.to be_regular }
    end

    context 'with a critical patch release' do
      before do
        allow(ReleaseTools::SharedStatus)
          .to receive(:critical_patch_release?)
          .and_return(true)
      end

      it { is_expected.not_to be_regular }
    end
  end

  describe '#create' do
    it 'creates a security pipeline' do
      expect(issue).to receive(:release_pipeline)
      expect(ReleaseTools::GitlabClient).to receive(:create_issue)
        .with(issue, issue.project).and_return(true)

      issue.create
    end
  end

  describe '#release_pipeline' do
    let(:web_url) { "https://gitlab.example.com/pipelines/123" }
    let(:dry_run_url) { "https://example.com/foo/bar/-/pipelines/1" }

    it "creates a security pipeline on the ops instance" do
      expect(ReleaseTools::GitlabOpsClient).to receive(:create_pipeline).with(
        ReleaseTools::Project::ReleaseTools,
        {
          SECURITY_RELEASE_PIPELINE: 'true',
          SECURITY: nil
        }
      ).and_return(double(web_url: web_url))

      without_dry_run do
        expect(issue.release_pipeline.web_url).to eq(web_url)
      end
    end

    context 'critical patch release' do
      it "creates a patch release injecting the SECURITY variable" do
        expect(ReleaseTools::GitlabOpsClient).to receive(:create_pipeline).with(
          ReleaseTools::Project::ReleaseTools,
          {
            SECURITY_RELEASE_PIPELINE: 'true',
            SECURITY: 'critical'
          }
        ).and_return(double(web_url: web_url))

        without_dry_run do
          ClimateControl.modify('SECURITY' => 'critical') do
            expect(issue.release_pipeline.web_url).to eq(web_url)
          end
        end
        expect(issue.release_pipeline.web_url).to eq(web_url)
      end
    end

    context 'in dry run mode' do
      it 'imitates the create_pipeline API response' do
        expect(ReleaseTools::GitlabOpsClient).not_to receive(:create_pipeline)

        expect(issue.release_pipeline.web_url).to eq(dry_run_url)
      end
    end
  end

  describe '#unsupported_projects_list' do
    it 'returns a comma separated string list of the managed versioning projects' do
      expect(issue.unsupported_projects_list).to eq('cng-ee, gitaly, gitlab-pages')
    end
  end

  describe '#security_release_tracking_issue' do
    it 'returns the patch release tracking issue' do
      tracking_issue = build(:issue)
      expect(ReleaseTools::GitlabClient).to receive(:next_security_tracking_issue)
        .and_return(tracking_issue)

      expect(issue.security_release_tracking_issue).to eq(tracking_issue)
    end
  end

  describe '#version_type' do
    it 'returns the patch release type' do
      expect(issue.version_type).to eq('Non Critical')
    end

    context 'on a critical patch release' do
      it 'returns the associated patch release type' do
        allow(ReleaseTools::SharedStatus)
          .to receive(:critical_patch_release?)
          .and_return(true)

        expect(issue.version_type).to eq('Critical')
      end
    end
  end

  describe '#due_date' do
    it 'returns the same date as the tracking issue' do
      tracking_issue = build(:issue, due_date: '2024-04-01')

      allow(ReleaseTools::GitlabClient)
        .to receive(:next_security_tracking_issue)
        .and_return(tracking_issue)

      expect(issue.due_date).to eq('2024-04-01')
    end
  end
end