[Feature flag] Cleanup security_auto_fix
Summary
This issue is to clean up the security_auto_fix feature flag and remove the code that is behind it.
The FF was never enabled by default, and at this point it's not a priority to do so.
Owners
- Team: group::composition analysis
- Most appropriate Slack channel to reach out to: #g_secure-composition-analysis
- Best individual to reach out to: @thiagocsf
- PM: @johncrowley
Stakeholders
Expectations
What might happen if this goes wrong?
This feature was never enabled, but we enabled it temporarily for some projects on GitLab.com and we don't know whether any users enabled it on their self-hosted instances. That's why we need to ensure that we completely remove all references to the feature flag. Otherwise the UI might be broken.
Cleaning up the feature flag
The list is ordered. Each task might include multiple files to remove and to process; it's assumed that tests should be removed or updated along with the altered code in each task.
- Remove AutoFixWorker
- Remove usage of SaveAutoFixService service on Security Configuration page, backend and UI.
- Remove AutoFixService service, backend only task.
- Remove policies related to auto_fix
  - modify_auto_fix_setting on Project
  - create_vulnerability_feedback if user is bot.
- Remove security bot profile, frontend task.
- Remove security_auto_fix feature flag
- Remove auto-fix from GraphQL endpoint (optional, not required for the feature flag removal, but might be cleaner)
Edited by Zamir Martins