Read Scan Execution Policies variables from DB when applying them with the highest precedence
Why are we doing this work
There is technical debt here: to calculate job variables, we keep reading the policy YAML and parsing the variables from it, because the policies are not persisted in the database. After the work from Use database read model for security policies (&13865) is done, we can optimize this.
We should store the variables in the DB and apply them at the end of the variables collection without fetching them from YAML all the time.
Relevant links
Non-functional requirements
Documentation: -
Feature flag: -
Performance: -
Testing:
Implementation plan
The variables are appended into the collection of job variables here: https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/lib/ee/gitlab/ci/variables/builder.rb#L21
We need to change ::Gitlab::Ci::Variables::Builder::ScanExecutionPolicies to read the variables from the database instead of parsing the policy YAML.
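
An added example, not GitLab's code: a sketch of the change described above, where policy variables are parsed once when the policy is persisted and appended last when job variables are collected. PolicyVariableStore, job_variables, the keying by scan type and the in-memory Hash standing in for the database table are assumptions, and the policy YAML is constructed sample input.

```ruby
require 'yaml'

# Constructed sample policy in the scan execution policy YAML layout.
POLICY_YAML = <<~YAML
  scan_execution_policy:
    - name: Enforce scans
      enabled: true
      rules:
        - type: pipeline
          branches: [main]
      actions:
        - scan: secret_detection
          variables:
            SECRET_DETECTION_HISTORIC_SCAN: 'true'
        - scan: sast
          variables:
            SAST_EXCLUDED_PATHS: ''
YAML

# Hypothetical stand-in for the database read model: filled once when the
# policy is persisted, so job-variable calculation never touches the YAML.
class PolicyVariableStore
  def initialize
    @rows = Hash.new { |hash, scan| hash[scan] = {} }
  end

  # Parse once, at persist time. safe_load refuses arbitrary object tags.
  def persist(yaml)
    policies = YAML.safe_load(yaml).fetch('scan_execution_policy', [])
    policies.select { |policy| policy['enabled'] }.each do |policy|
      policy.fetch('actions', []).each do |action|
        @rows[action['scan']].merge!(action.fetch('variables', {}))
      end
    end
  end

  # Read path used per job: a lookup, no YAML parsing.
  def variables_for(scan)
    @rows.fetch(scan, {})
  end
end

# Policy variables are merged last, so on a name clash the policy value
# replaces whatever the project or pipeline supplied (highest precedence).
def job_variables(scan, lower_precedence, store)
  lower_precedence.merge(store.variables_for(scan))
end
```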