Remove `Security::ReportFetchService`
Summary
Security::ReportFetchService
is leftover code from when the Dependency List was populated with security reports.
Now that we have completely transitioned the dependency list over to using database records, we should delete it.
This means that we need to:
- Understand how the frontend is currently using build information
- Figure out a way to migrate this functionality to not depend on security reports (e.g. by storing the latest ingested pipeline ID)
- Delete
Security::ReportFetchService
once we no longer have any dependencies on it
This should fix #462861 (closed) and also unblock #457633 (closed).
Implementation plan
-
backend Pass path to the latest ingested SBoM pipeline path and
finished_at
timestamp to the frontend via HAML (This should not be included in the dependencies response for separation of concerns). -
backend Inject
hasNoDependencies
via HALM if the project does not have at least onesbom_occurrences
record. - frontend Link to the pipeline instead of the job.
-
frontend In the frontend app:
- Don't show the pipeline information if there are dependencies but no pipeline
- Show the "no dependencies" empty state if there is a pipeline but no dependencies
- Show the "job not set up" empty state if there is no pipeline and no dependencies
- Remove the "Dependency list job failed" alert
- Remove the
no_dependency_files
alert - Remove any remaining references to
reportInfo
(e.g. in vue store)
- backend Remove the report data from the response
-
backend Remove
ReportFetchService
Edited by Brian Williams