From 60c066332cdecbc6b3ecee6894d1befa93d63e2e Mon Sep 17 00:00:00 2001 From: Marc Shaw Date: Wed, 17 Dec 2025 17:50:34 +0100 Subject: [PATCH] Fix flaky test: Avoid nested finding creation in vulnerability factory The test was failing ~5% of the time with: PG::ForeignKeyViolation: ERROR: insert or update on table "internal_ids" violates foreign key constraint "fk_rails_f7d46b66c6" DETAIL: Key (project_id)=(48) is not present in table "projects". Root Cause: The :detected trait on vulnerabilities_finding creates a vulnerability via an after(:create) callback. The vulnerability factory has a default association that creates a NEW finding with an auto-incremented project_id. When the database sequence reaches values where no project exists (e.g., 48), this causes a foreign key violation. The Fix: Instead of using the :detected trait (which triggers the problematic callback), we explicitly: 1. Create the finding 2. Create the vulnerability with the finding passed explicitly This prevents the vulnerability factory from creating a second finding with a potentially invalid project_id. Pattern: factory_callback_order + hard_coded_ids Confidence: 95% --- .../user_sees_security_policy_rules_scan_findings_spec.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ee/spec/features/merge_request/user_sees_security_policy_rules_scan_findings_spec.rb b/ee/spec/features/merge_request/user_sees_security_policy_rules_scan_findings_spec.rb index b355b1df93338b..515d7ee26288dd 100644 --- a/ee/spec/features/merge_request/user_sees_security_policy_rules_scan_findings_spec.rb +++ b/ee/spec/features/merge_request/user_sees_security_policy_rules_scan_findings_spec.rb @@ -176,7 +176,8 @@ before do allow(::Vulnerabilities::TriggerFalsePositiveDetectionWorkflowWorker).to receive(:perform_async) - create(:vulnerabilities_finding, :detected, project: project) + finding = create(:vulnerabilities_finding, project: project) + create(:vulnerability, :detected, project: project, vulnerability_finding: finding, findings: [finding]) create_policy_setup end -- GitLab