Spike: Prepare architecture blueprint for database read model for scan result policies
Time-box: 5 days
Why are we doing this work
In the scope of this Spike, we would like to collaborate as a team to prepare an architecture blueprint for the database read model for Scan Result Policies that we plan to release with Use database read model for merge request appr... (&9971 - closed).
The main goals of this redesign are:
- we want to change the current process in https://gitlab.com/gitlab-org/gitlab/-/blob/26952cd8c93a1378873aeed35ca85b6e32becb26/ee/app/workers/concerns/update_orchestration_policy_configuration.rb#L4 not to delete and recreate all related records, but rather update/recreated only affected records,
- reduce the number of queries to the database performed by workers from Security Policies,
- reduce the average duration time of
Security::SyncScanPoliciesWorker,
Initial thoughts:
- groupcode review team is working on MVC: Allow group-level MR approval rules for 'A... (&11451) (look at Group approval rules migration (!132651 - merged) to see the context, perhaps we could reuse that),
- we've been discussing with
@sashi_kumarthat it would be great to have only one record in the database for every policy, then after updatingpolicy.yml, this record would be updated, and necessary changes propagated across GitLab, - we could see if we can use
Gitlab::EventStorefor that,
Expected results:
- MR created with an architecture blueprint (similar to Add security policy custom ci blueprint (!137546 - merged)) and initiated discussion with other team members,
Edited by Alan (Maciej) Paruszewski