Add mergeRequest field to PipelineSecurityReportFinding

Why are we doing this work

We want to add a mergeRequest field to the PipelineSecurityReportFinding GraphQL type for use in the new security finding modals.

Example of new query:

query {
  project(fullPath:"<project path>") {
    pipeline(iid:"<pipeline iid>") {
      securityReportFinding(uuid:"<uuid>") {
        vulnerability {
          mergeRequest
        }
      }
    }
  }
}

Response data is defined at https://docs.gitlab.com/ee/api/graphql/reference/#mergerequest

Relevant links

Spike

Non-functional requirements

Documentation: Update the GraphQL docs
Testing: Add appropriate GraphQL feature specs

Implementation plan

We don't need to create a Vulnerability when vulnerability_feedback is created for a merge request at this time, as this call uses feedback.

MR 1: Create a mergeRequest field to pull the merge requests in the same way they are pulled for vulnerabilities.
- Use BatchLoader::GraphQL to avoid N+1 queries
- mergeRequest currently uses feedback to pull merge requests for vulnerabilities.

Verification steps

Test query on security finding with a mergeRequest:

query {
  project(fullPath:"<project path>") {
    pipeline(iid:"<pipeline iid>") {
      securityReportFinding(uuid:"<uuid>") {
        vulnerability {
          mergeRequest
        }
      }
    }
  }
}

Edited Dec 20, 2022 by Jonathan Schafer