Ignore any type::maintenance OR security-fix-in-public
This MR does a bit of refactoring to more cleanly decide whether an MR is alertworthy or not.
It introduces new behavior: ignoring any type::maintenance labelled issue.
It modifies existing behavior: previously it had to be ~bug::vuln AND NOT security-fix-in-public. Now the behavior is to ignore ANY security-fix-in-public.
It also, hopefully, makes it easier to ignore or alert on new label combos in the future.
Alerter messaging has been updated; it's a bit more generic now but still gets the message across.
It simplifies the logic of checking whether to alert in DetectorService, moving that decision into MergeRequest. The MergeRequest class is now the SSoT for deciding whether to alert, whether to fetch its issues, etc.
It removes some "should I fetch issues" logic from Alerter::Slack since that was duplicative.
Part of the rationale for the refactor is that, since this is an open source tool, it really shouldn't be hardcoding in GitLab-specific questions like `vuln_but_not_fix_in_public?`.
Closes #26 (closed)