Add remediations field to PipelineSecurityReportFinding

Why are we doing this work

We want to add a remediations field to the PipelineSecurityReportFinding GraphQL type for use in the new security finding modals.

Example of new query:

query {
  project(fullPath:"<project path>") {
    pipeline(iid:"<pipeline iid>") {
      securityReportFinding(uuid:"<uuid>") {
        remediations {
          summary
          diff
        }
      }
    }
  }
}

Sample Response:

{
  "data": {
    "project": {
      "pipeline": {
        "securityReportFinding": {
          "remediations": [
            {
              "summary": "Upgrade apk-tools to 2.10.7-r0",
              "diff": "ZGlmZiAtLWdpdCBhL0RvY2tlcmZpbGUgYi9Eb2NrZXJmaWxlCmluZGV4IDkwNDVhNTguLjcxNjQwMWUgMTAwNjQ0Ci0tLSBhL0RvY2tlcmZpbGUKKysrIGIvRG9ja2VyZmlsZQpAQCAtMSw0ICsxLDUgQEAKIEZST00gYWxwaW5lOjMuMTMKIFJVTiBhcGsgLS1uby1jYWNoZSB1cGRhdGUgJiYgYXBrIC0tbm8tY2FjaGUgYWRkIGFway10b29scz0yLjEwLjctcjAKK1JVTiBhcGsgLS1uby1jYWNoZSB1cGRhdGUgJiYgYXBrIC0tbm8tY2FjaGUgYWRkIGFway10b29scz0yLjEwLjctcjAKIAogUlVOIGVjaG8gIkkgZG9uJ3QgZG8gYW55dGhpbmci"
            }
          ]
        }
      }
    }
  }
}

Relevant links

Non-functional requirements

  • Documentation: Update the GraphQL docs
  • Testing: Add appropriate GraphQL feature specs

Implementation plan

  • MR 1: Create RemediationsType
    • backend Create RemediationsType
      • summary : String
      • diff : String
    • backend Create RemediationsResolver (optional)
      • May be able to resolve in place
    • backend Add remediations field to PipelineSecurityReportFinding

Verification steps

Test query on security finding with a remediation:

query {
  project(fullPath:"<project path>") {
    pipeline(iid:"<pipeline iid>") {
      securityReportFinding(uuid:"<uuid>") {
        remediations {
          summary
          diff
        }
      }
    }
  }
}
Edited by Jonathan Schafer
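
How a consumer of the new field might decode and sanity-check a remediation before rendering or applying it, given that `diff` arrives Base64-encoded as in the sample response. This is an added example, not code from the issue or from GitLab: `inspect_remediation` and `inspect_response` are hypothetical helpers, the patch and response are constructed samples, and the response is assumed to follow the query's shape (a single `securityReportFinding` object) with a git-format diff.

```ruby
require 'json'
# Constructed sample patch (git format), not taken from a real report.
SAMPLE_PATCH = <<~PATCH
  diff --git a/Dockerfile b/Dockerfile
  --- a/Dockerfile
  +++ b/Dockerfile
  @@ -1,2 +1,2 @@
   FROM alpine:3.13
  -RUN apk --no-cache add apk-tools
  +RUN apk --no-cache add apk-tools=2.10.7-r0
PATCH

# Constructed response; the second remediation is deliberately malformed.
SAMPLE_RESPONSE = JSON.generate(
  'data' => { 'project' => { 'pipeline' => { 'securityReportFinding' => {
    'remediations' => [
      { 'summary' => 'Upgrade apk-tools to 2.10.7-r0', 'diff' => [SAMPLE_PATCH].pack('m0') },
      { 'summary' => 'Broken entry', 'diff' => 'not base64!' }
    ]
  } } } }
)

# Decode one remediation and summarise its patch. Returns nil when the diff
# is missing, not strict Base64, not valid UTF-8, or names no target file.
def inspect_remediation(remediation)
  diff = remediation['diff']
  return nil unless diff.is_a?(String)
  patch = diff.unpack1('m0').force_encoding(Encoding::UTF_8) # strict RFC 4648 decode
  return nil unless patch.valid_encoding?
  files, added, removed, in_hunk = [], 0, 0, false
  patch.each_line do |line|
    if line.start_with?('diff --git ') then in_hunk = false
    elsif line.start_with?('@@') then in_hunk = true
    elsif !in_hunk && (m = line.match(%r{\A\+\+\+ b/(.+)$})) then files << m[1]
    elsif in_hunk && line.start_with?('+') then added += 1
    elsif in_hunk && line.start_with?('-') then removed += 1
    end
  end
  return nil if files.empty?
  { summary: remediation['summary'], files: files, added: added, removed: removed }
rescue ArgumentError # raised by unpack1('m0') on invalid Base64
  nil
end

# Walk the response and inspect every remediation on the finding.
def inspect_response(json)
  finding = JSON.parse(json).dig('data', 'project', 'pipeline', 'securityReportFinding')
  Array(finding && finding['remediations']).map { |r| inspect_remediation(r) }
end
```

A `nil` entry marks a remediation whose patch should not be shown as applicable, which gives the feature specs a concrete case for malformed `diff` values.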