Ensure consistent behavior across CI reports

Problem

Today the experience with dealing with CI reports is inconsistent:

• some reports (like Code Coverage) combines the data from multiple artifacts and store the result into a pipeline artifact. This is the correct way!
• some reports are not persisted as pipeline artifacts. The report is generated all the time (using ReactiveCache to reduce performance impacts).
• some reports have built-in assumptions that the report must come from only 1 job within the pipeline. This is a wrong assumption because the artifact is a datapoint that contributes to the report. Multiple artifacts (from multiple jobs) can contribute to the report. If a pipeline has 2 SAST jobs running. This wrong assumption will show the report with data from 1 job only instead of combining the data into a single report.
  • https://gitlab.com/gitlab-org/gitlab/-/blob/a13e153b7aef7e655948457f8a599e5e6658c6cc/ee/app/services/security/report_fetch_service.rb#L21-23
  • https://gitlab.com/gitlab-org/gitlab/-/blob/67bae0efde93c103916989355fbfc8e7ecf5efcc/app/models/ci/pipeline.rb#L693
  • Because of that browser_performance and load_performance only pick the first artifact of the given type in a pipeline. Any other artifacts of the same type are completely ignored.
• For some report types we do server-side comparison between reports
• For other report types we do client-side comparison between reports

There are also other problems related to the lack of abstractions: other domains leveraging the report feature deal directly with implementation details, making it difficult to refactor code or make changes.

• Artifacts are a storage feature for data. They have a type associated to it as "metadata" so we can have dedicated strategies on how to interpret the data.
• A build can generate multiple artifacts, but only 1 artifact of a give type per build.
• A pipeline, by consequence, can have multiple artifacts of a given type as it can have multiple builds.
• A report is parsed data combined from multiple artifacts of a given type.
  • Because it's data, it could be a persistent pipeline artifact, automatically generated when the pipeline completes.
  • The parser must consider that data may come from multiple artifacts across multiple builds.
  • The report is produced for a given a pipeline. Trying to generate reports from a single or a collection of builds may produce incomplete data.

Here below is a scenario of a pipeline with multiple artifacts:

flowchart TD

Pipeline --> Job1 --> cqart1[CodeQuality 1/2]
Pipeline --> Job2 --> cqart2[CodeQuality 2/2]
Pipeline --> Job3 --> tr1[TestReport]
Pipeline --> child[Child pipeline]
child --> Job4
child --> Job5 --> ds[CodeCoverage]

• The Code quality report should contain data from Job1 and Job2.
• The test report contains data from Job3.
• The Code coverage report, generated in Job5 should be available as MR report through the parent pipeline - Currently being done.

Among these 3 cases there should be a common abstraction.

Proposal

Introduce abstractions that can ensure a consistent behavior and expectation across all reports. The abstractions should hide implementation details, providing a consistent framework for reports.

class Ci::Reports::Factory
  REPORTS = {
    code_quality: ::Ci::Reports::CodeQuality,
    junit: ::Ci::Reports::Junit,
    # ...
  }.freeze

  COMPARERS = {
    code_quality: ::Gitlab::Ci::Reports::CodequalityReportsComparer,
    # ...
  }
 
  def self.report(type:, pipeline:)
    return unless pipeline
    return unless pipeline.pipeline_artifacts&.report_exists?(type)

    REPORTS.fetch(type).new(pipeline)
  end

  def self.compare(type:, base_pipeline:, head_pipeline:)
    base_report = report(type: type, pipeline: base_pipeline)
    head_report = report(type: type, pipeline: head_pipeline)

    COMPARERS.fetch(type).new.compare(base_report, head_report)
  end
end

class Ci::Reports::BaseReport
  def initialize(pipeline)
    @pipeline = pipeline
  end

  def report_type
    raise NotImplementedError
  end

  def parser
    raise NotImplementedError
  end

  def empty?
    data.empty?
  end

  private

  def data
    @data ||= collect_data || {}
  end
  
  def collect_data
    return unless pipeline
    return unless pipeline.pipeline_artifacts&.report_exists?(report_type)

    # read blob from pipeline artifact and parse it.
  end
end

class Ci::Reports::CodeQuality < Ci::Reports::BaseReport
  def report_type
    :code_quality # or use a method/constant from Ci::JobArtifact
  end

  def parser
    ::Gitlab::Ci::Parsers::Codequality::CodeClimate
  end
  
  def degradations_count
    data.count
  end

  def all_degradations
    data.values
  end
end

# Use as:
report = Ci::Reports::Factory.fabricate(type: :code_quality, pipeline: pipeline)

# instead of using `pipeline.has_code_quality_reports?`
if report
  report.data
else
  # none of the builds had any code quality artifacts
end

Reports comparison for merge requests could be extracted out of MergeRequest model and into a generic comparison engine.

comparison_report = Ci::Reports::Factory.compare(type: :code_quality, head_pipeline: head_pipeline, base_pipeline: base_pipeline)

Always ensure that when a pipeline completes we generate a report from merging all the artifacts:

after_transition any => ::Ci::Pipeline.completed_statuses do |pipeline|
  pipeline.run_after_commit do
    # For every artifact report type in the pipeline, generate a pipeline artifact
    # with merged data.
    ::Ci::Reports::GenerateReportsWorker.perform_async(pipeline.id)
  end
end

class Ci::Reports::GenerateReportsService
  def initialize(pipeline)
    @pipeline = pipeline
  end

  def execute
    types.each do |type|
      report = Ci::Reports::Factory.report(type: type, pipeline: pipeline)
      create_pipeline_artifact(report)
    end
  end

  def all_types
    # select all unique artifact report types in self and descendants
  end
end

added Category:Build Artifacts backend grouppipeline security maintenancerefactor severity1 typemaintenance + 1 deleted label

marked this issue as related to #363334

cc @alberts-gitlab @morefice @iamricecake

As I'm reviewing !88633 (merged) I'm noticing that the inconsistencies around artifacts and reports are making it hard to change the behavior. An important problem is that domains that use artifacts/reports feature (for Secure stage) have built behavior on top of implementation details.

I would love your thoughts on this, as I think it is an important tech debt to tackle as #363334.

@shampton IMO this is a severity1 tech debt since these inconsistencies are making it very difficult to make changes that were apparently orthogonal such as #215725 (closed). Also, because of these design problems we have bugs and new ones could be easily introduced.

Thanks @fabiopitino - this is really helpful and something we will for sure take a look at.

@alberts-gitlab @morefice @iamricecake I'd love to hear your thoughts on this.

@jocelynjane this does have an impact on child pipeline artifacts due to how many different implementations of reports there are.

Artifacts are a storage feature for data.

I agree with this %. Currently, in code, a job artifact and a report are the same. However, it is not true once we consider pipeline with reports coming from multiple jobs or reports from multiple child pipelines.

A report is a single view of everything that happened within the pipeline hierarchy. It is built on top of the data produced by the jobs and stored as job artifact.

Through !88633 (merged), I think I have a clearer idea of the abstraction we need. From the job artifact and pipeline perspective, the concern should be how to produce a single "Report" view across the entire pipeline hierarchy, by presenting all job artifacts of the same type in the hierarchy.

On the domain level (code coverage, test, security, etc), the concern would be to provide the data parsing mechanism and the concrete report that needs to be produced.

@fabiopitino @alberts-gitlab @iamricecake @shampton

Thanks for writing down some pseudo code it helps to better understand what problem we want to solve here.

As I'm reviewing !88633 (merged) I'm noticing that the inconsistencies around artifacts and reports are making it hard to change the behavior.

Overall this is a great improvement for better readability and maintainability. I agree now that we support 26 different report types, it makes sense to take in consideration how to better abstract report generation/consumption.

If I understand this proposal correctly, we will now use Ci::PipelineArtifact to persist aggregation of multiple reports for all our report? Correct me if I'm wrong here

Few things I would like to keep in mind while doing this refactor.

• Prevent new report from being added while building this new architecture?
• Should we parallelize report generation? The sooner the data is viewable the better the experience is for our users
• Start with a report type having a low usage to make sure everything works as expected?
• Investigate how to populate those reports before pipeline completion, as Erick mentioned

If I understand this proposal correctly, we will now use Ci::PipelineArtifact to persist aggregation of multiple reports for all our report? Correct me if I'm wrong here

We may need to add an abstraction here. Security reports are not stored as pipeline artifacts and instead they are converted into an AR model directly (e.g. Security::Finding). So each artifact type could define an output strategy:

• For security findings, it's to take the artifacts from the jobs and convert them to AR model.
• For code coverage, it's to combine them and store the result as pipeline artifact.
• etc.

• Should we parallelize report generation? The sooner the data is viewable the better the experience is for our users

I think we should ensure that each report is processed asynchronously to enforce that they should all be independent of each other. There are some reports that are generated as soon as the job completes (e.g. security reports) while other reports are generated as soon as the pipeline finishes (e.g. coverage reports).

We could even leverage Gitlab::EventStore to publish an event when a pipeline or job finishes and each artifact type handles the reporting async as a subscriber of the event.

@fabiopitino

We may need to add an abstraction here

Yes, not sure how this will look like yet

So each artifact type could define an output strategy:

Interesting good idea!

cc @iamricecake this might be a good option to speed up our test_report endpoint if we persist the data at the database level.

We could even leverage Gitlab::EventStore to publish an event when a pipeline or job finishes and each artifact type handles the reporting async as a subscriber of the event.

Yep that would be ideal

If I understand this proposal correctly, we will now use Ci::PipelineArtifact to persist aggregation of multiple reports for all our report? Correct me if I'm wrong here

I don't think we should enforce the use of Ci::PipelineArtifact. If a report encapsulates the result of various builds, each report should be able to implement its own storage method. The way Ci::PipelineArtifact uses file storage may not be appropriate in all use cases.

mentioned in issue #363334

Setting label(s) devopsverify sectionops based on ~"group::pipeline insights".

added devopsverify sectionops + 1 deleted label

changed milestone to %Backlog

added [deprecated] Accepting merge requests + 1 deleted label

added priority2 + 1 deleted label

removed priority2 + 1 deleted label

added priority2 + 1 deleted label

Adding note from !91172 (comment 1008562950), where MR report comparison currently compares the base & head pipelines. For consistency, we may need to change the comparison to be based on the pipeline hierarchies (the parent + descendants).

mentioned in merge request !91172 (merged)

mentioned in merge request !91510 (merged)

mentioned in issue #368814 (closed)

So this seems particularly interesting to me and a feature request I've just submitted (#368814 (closed)).

Having a generic framework to collate reports would make it very easy to implement a generic report widget that can be populated by messages from the pipeline that aren't constrained to the existing widget types, allowing for rapid prototyping and customizability.

mentioned in merge request !93357 (closed)

marked this issue as related to #368239 (closed)

mentioned in merge request !93651 (closed)

marked this issue as related to #370719

One of the challenge I encountered is the differing interfaces of a Parser. It makes it difficult to figure out what is being passed into each Parser through Parsers.fabricate!.

I created #370719 to focus on making the interface of a Parser consistent.

def initialize(blob, report, **context)
  @blob = blob
  @report = report
  # retrieve relevant context from kwarg context (e.g pipeline, job, other params)
end

def parse!
  # parses @blob into @report, using context where necessary
end

Promoting this to epic so that we can add break it down into smaller issues and add to the overall epic as we make progress.

closed

promoted to epic &8598