Add mergeRequest field to PipelineSecurityReportFinding
Why are we doing this work
We want to add a mergeRequest
field to the PipelineSecurityReportFinding
GraphQL type for use in the new security finding modals.
Example of new query:
query {
project(fullPath:"<project path>") {
pipeline(iid:"<pipeline iid>") {
securityReportFinding(uuid:"<uuid>") {
vulnerability {
mergeRequest
}
}
}
}
}
Response data is defined at https://docs.gitlab.com/ee/api/graphql/reference/#mergerequest
Relevant links
Non-functional requirements
-
Documentation: Update the GraphQL docs -
Testing: Add appropriate GraphQL feature specs
Implementation plan
We don't need to create a Vulnerability when vulnerability_feedback
is created for a merge request at this time, as this call uses feedback.
-
MR 1: Create a mergeRequest
field to pull the merge requests in the same way they are pulled for vulnerabilities.-
Use BatchLoader::GraphQL to avoid N+1 queries -
mergeRequest currently uses feedback to pull merge requests for vulnerabilities.
-
Verification steps
Test query on security finding with a mergeRequest:
query {
project(fullPath:"<project path>") {
pipeline(iid:"<pipeline iid>") {
securityReportFinding(uuid:"<uuid>") {
vulnerability {
mergeRequest
}
}
}
}
}
Edited by Jonathan Schafer