
Automate vendoring of security report schemas

Why are we doing this work

In order to validate security reports using the security report schemas in gitlab-org/gitlab, the schemas must be vendored with the GitLab rails application.

Automating the process ensures that the required schemas can be added correctly and consistently by anyone.

Relevant links

Non-functional requirements

  • Documentation: Update how-to-release-a-new-version-of-the-schema with information about how to release the schemas to GitLab Rails.
  • Testing: This will have to be manually tested using a fork of the schemas and a project other than GitLab Rails.

Implementation plan

  • Add a new CI job, deploy-gitlab-rails, to the deploy stage of the Secure schemas CI pipeline. It should be set up similarly to deploy-npm, so that it runs automatically once the release job has been manually triggered and has completed successfully. The deploy-gitlab-rails job should run only on the project's default branch, master.
  • Introduce a GitLab token that gives the script permission to push a branch to GitLab Rails and to create an MR using the API.
  • When the new CI job runs, it should create and push a new branch to the GitLab Rails code base:
    • Check out the code
    • Create a new branch named add-secure-schemas-[version]
    • Copy all of the files in the dist schemas folder into a new folder in GitLab Rails, ee/lib/gitlab/ci/parsers/security/validators/schemas/[version]
    • Commit the change
    • Push the branch to the origin remote
  • Create an MR on the GitLab Rails project using the API
    • Assign the MR to the nominated MR person who will ensure the MR is merged (initially, @cam_swords)
    • Add a sensible description
    • The MR should merge the new branch add-secure-schemas-[version] into the default GitLab Rails branch master.
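One way to implement the steps above as the script behind the deploy-gitlab-rails job. This is an added example, not the project's own code; it assumes placeholder inputs VERSION (the schema version), GITLAB_RAILS_TOKEN (a token with api and write_repository scope), MR_ASSIGNEE_ID (the user id of the nominated MR person) and SCHEMA_DIR (the dist schemas folder).

```shell
#!/bin/sh
# Added example of a deploy-gitlab-rails script; hypothetical, not the project's own.
# Assumed inputs: VERSION (schema version), GITLAB_RAILS_TOKEN (token with api and
# write_repository scope), MR_ASSIGNEE_ID (user id of the nominated MR person),
# SCHEMA_DIR (the dist schemas folder). All of these are placeholders.
set -e

TARGET_PROJECT="${TARGET_PROJECT:-gitlab-org/gitlab}"
DEFAULT_BRANCH="${DEFAULT_BRANCH:-master}"
SCHEMA_DIR="${SCHEMA_DIR:-dist}"
MR_ASSIGNEE_ID="${MR_ASSIGNEE_ID:-0}"

# Branch name derived from the schema version, e.g. add-secure-schemas-14.0.0
branch_name() { printf 'add-secure-schemas-%s\n' "$1"; }

# Destination folder in GitLab Rails for the vendored schemas of one version
target_dir() { printf 'ee/lib/gitlab/ci/parsers/security/validators/schemas/%s\n' "$1"; }

# Project path URL-encoded for the REST API (gitlab-org/gitlab -> gitlab-org%2Fgitlab)
project_api_path() { printf '%s' "$1" | sed 's#/#%2F#g'; }

# JSON body for POST /projects/:id/merge_requests: new branch into the default branch,
# assigned to the nominated person, with a description saying where the files went
mr_payload() {
  printf '{"source_branch":"%s","target_branch":"%s","title":"Add secure report schemas %s","description":"Automated vendoring of the security report schemas %s into %s","assignee_id":%s,"remove_source_branch":true}\n' \
    "$(branch_name "$1")" "$DEFAULT_BRANCH" "$1" "$1" "$(target_dir "$1")" "$MR_ASSIGNEE_ID"
}

deploy() {
  version="$1"; branch="$(branch_name "$version")"; dest="$(target_dir "$version")"
  # Clone anonymously so the token is never written into .git/config; use it only on push
  git clone --depth 1 "https://gitlab.com/${TARGET_PROJECT}.git" rails
  cd rails
  git checkout -b "$branch"
  mkdir -p "$dest"
  cp "../${SCHEMA_DIR}"/*.json "$dest"/
  git add "$dest"
  git -c user.name=secure-schemas-bot -c user.email=bot@example.invalid \
    commit -m "Add security report schemas ${version}"
  git push "https://oauth2:${GITLAB_RAILS_TOKEN}@gitlab.com/${TARGET_PROJECT}.git" "$branch"
  # --fail makes a rejected API call fail the CI job instead of silently succeeding
  curl --fail -sS -X POST -H "PRIVATE-TOKEN: ${GITLAB_RAILS_TOKEN}" \
    -H 'Content-Type: application/json' --data "$(mr_payload "$version")" \
    "https://gitlab.com/api/v4/projects/$(project_api_path "$TARGET_PROJECT")/merge_requests"
}

# Run the real deployment only when explicitly enabled, so the file is safe to source in tests
if [ "${RUN_DEPLOY:-0}" = "1" ]; then deploy "${VERSION:?VERSION must be set}"; fi
```

In the pipeline, the job would invoke this with RUN_DEPLOY=1 and the token supplied as a masked, protected CI variable so it is only available on master.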

The remaining steps to get the MR merged into Rails will be completed manually by the nominated MR person.

Giving this issue a weight of 2.

Edited by Cameron Swords