Dependency Scanning - MVC to enable within the UI - Backend
release notes gitlab-com/www-gitlab-com!85841 (merged)
frontend part #282533 (comment 448413910)
Why are we doing this work
We need to add an Enable button on the Dependency Scanning row within the Security Configuration page. When clicked, the backend will create an MR and the user will be directed to the MR page.
We're going to create a GraphQL endpoint that will create a Merge Request for enabling ~"Category:Dependency Scanning" by updating `gitlab_ci.yml`. This feature is already enabled for SAST, so we can reuse some code.
Relevant links
- Frontend Issue -->
Non-functional requirements
- [-] Documentation: is a part of frontend
- Feature flag: name will be discussed with frontend counterpart. We need to add a feature flag to the mutation.
- Testing: unit tests for service and mutation, test in GraphQL console
Implementation plan
- Create GraphQL mutation `::Mutations::Security::CiConfiguration::ConfigureDependencyScanning` (similar to `ConfigureSast`)
  - To reuse parts of `ConfigureSast`, extract them into a base mutation `ConfigureSecurityAnalyzer`
    - Created separate issue "Remove duplication from Security::CiConfiguration GraphQL mutations" to handle this
- Create `Security::CiConfiguration::DependencyScanningCreateService` based on `Security::CiConfiguration::BaseCreateService`
- Create `Security::CiConfiguration::DependencyScanningBuildAction` based on `Security::CiConfiguration::BaseBuildAction`
- Check that all new entities have test coverage and there are no regressions.
- Remove `configure_dependency_scanning` from the list of known invalid queries in `config/known_invalid_graphql_queries.yml`
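To make the build action step concrete, here is an added Ruby example (not GitLab's own code) of the file edit such an action has to perform: include the Dependency Scanning template in an existing CI config, idempotently. The helper names are hypothetical, the template path is the one GitLab ships, and appending a `test` stage to a custom `stages:` list is an assumption about how the template's jobs are staged.

```ruby
require 'yaml'

# GitLab's bundled CI template for Dependency Scanning.
DS_TEMPLATE = 'Security/Dependency-Scanning.gitlab-ci.yml'

# Hypothetical helper, not GitLab's BuildAction: returns new CI config text
# with the Dependency Scanning template included. Round-tripping through
# YAML drops comments, so a reviewer should read the resulting MR diff.
def enable_dependency_scanning(existing_yaml)
  text = existing_yaml.to_s
  # safe_load refuses arbitrary object tags in repository-controlled YAML.
  config = text.strip.empty? ? {} : YAML.safe_load(text, aliases: true)
  raise ArgumentError, 'CI config must be a YAML mapping' unless config.is_a?(Hash)

  includes = normalize_includes(config['include'])
  already = includes.any? { |i| i.is_a?(Hash) && i['template'] == DS_TEMPLATE }
  return text if already # idempotent: nothing to change

  config['include'] = includes + [{ 'template' => DS_TEMPLATE }]
  # Assumption: the template's jobs run in the `test` stage, so a custom
  # `stages:` list that omits it must gain it or the pipeline is invalid.
  stages = config['stages']
  config['stages'] = stages + ['test'] if stages.is_a?(Array) && !stages.include?('test')

  YAML.dump(config).sub(/\A---\n/, '')
end

# `include:` may be absent, a single entry, or a list of entries.
def normalize_includes(value)
  case value
  when nil then []
  when Array then value.dup
  else [value]
  end
end

# Constructed sample input.
SAMPLE_CI = <<~YAML
  stages:
    - build
  include:
    - template: Security/SAST.gitlab-ci.yml
  build_job:
    stage: build
    script: make
YAML

puts enable_dependency_scanning(SAMPLE_CI) if $PROGRAM_NAME == __FILE__
```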
Availability and Testing
SET to update existing E2E tests, or create a new E2E test to test that, when selected, the gitlab-ci is updated. gitlab-org/quality/testcases#1666 (closed)
Edited by Adam Cohen