Standards adherence DB proposal
Problem to solve
Refer to the epic for more details: Custom compliance frameworks (&13295 - closed)
As part of solving the problem in this epic, we are looking at how best to attach multiple requirements to a framework, and multiple checks and custom checks to each requirement.
This information along with check results (stored in a separate DB table) will be provided in one API, for the adherence report to consume and display.
Here is a mock up of how it may look from a UI perspective

We have two proposals on how to store this information:
Option 1 - New DB tables
Create two new database tables for Requirements and Checks and link them to the Frameworks table
- Requirement (id, group_id, name, description) → (M:N) can have multiple checks
- Check (id, name, description) → This can only be populated by GitLab codebase and users won’t have access to create/update/delete checks. This is the checks library. Since these are static, can we use YAML for defining the checks?
Option 2 - New column
Add a new JSON object column to the Frameworks table.
Example JSON (the entries in checks are check enums):
{
  "name": "Code safeguards enabled",
  "description": "Ensure that code is guarded correctly",
  "checks": [
    "two_merge_apporvals",
    "commiter_cant_merge"
  ]
}
This option would require custom validation in the backend to ensure conformance to the structure.
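A sketch of what that backend validation could look like for Option 2, added here as an example and not taken from the GitLab codebase. The names CHECK_LIBRARY, ALLOWED_KEYS, MAX_LENGTHS and validate_requirement, the length limits, and the rule that unknown keys are rejected are all assumptions; only the two check enums come from the example JSON.

```ruby
require 'json'

# Assumed static check library; the two names are the enums from the
# example JSON above. Limits and key list are assumptions for this sketch.
CHECK_LIBRARY = %w[two_merge_apporvals commiter_cant_merge].freeze
ALLOWED_KEYS  = %w[name description checks].freeze
MAX_LENGTHS   = { 'name' => 255, 'description' => 1024 }.freeze

# Constructed sample input matching the proposed column structure.
SAMPLE = <<~JSON
  {"name": "Code safeguards enabled",
   "description": "Ensure that code is guarded correctly",
   "checks": ["two_merge_apporvals", "commiter_cant_merge"]}
JSON

# Returns an array of error strings; an empty array means the value conforms.
def validate_requirement(raw)
  begin
    doc = JSON.parse(raw)
  rescue JSON::ParserError
    return ['not valid JSON']
  end
  return ['top level must be an object'] unless doc.is_a?(Hash)

  errors = []
  # Reject keys outside the structure so extra data cannot ride along.
  extra = doc.keys - ALLOWED_KEYS
  errors << "unknown keys: #{extra.join(', ')}" unless extra.empty?

  MAX_LENGTHS.each do |key, max|
    value = doc[key]
    if !value.is_a?(String) || value.strip.empty?
      errors << "#{key} must be a non-empty string"
    elsif value.length > max
      errors << "#{key} exceeds #{max} characters"
    end
  end

  checks = doc['checks']
  if !checks.is_a?(Array) || checks.empty?
    errors << 'checks must be a non-empty array'
  else
    # Only enums from the static library are accepted; users cannot add checks.
    unknown = checks.reject { |c| CHECK_LIBRARY.include?(c) }
    errors << "unknown checks: #{unknown.map(&:inspect).join(', ')}" unless unknown.empty?
    errors << 'checks must not contain duplicates' if checks.uniq.length != checks.length
  end
  errors
end
```

Calling validate_requirement(SAMPLE) returns an empty array; any other return value lists why the JSON would be refused before it reaches the column.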