Optimise SEP performance

Why are we doing this work

We need to improve scan execution policy (SEP) performance. Child items track the individual improvements we want to implement.

DAST

DAST CI template rendering has its own code branch, and it already caches the rendered template in memory.
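An illustration of this kind of in-memory caching, generalized to one cache entry per scan type and template. It is an added example, not GitLab's code: `TemplateCache`, `render_template` and `jobs_for` are hypothetical names, the rendering step is a stand-in, and the action fields follow the policy generator further down this page.

```ruby
# frozen_string_literal: true
# Added illustration, not GitLab code. All class and method names are hypothetical.
class TemplateCache
  attr_reader :renders

  def initialize
    @cache = {}
    @renders = 0
  end

  # Hypothetical stand-in for the expensive step (loading and parsing a CI template).
  def render_template(scan, template)
    @renders += 1
    { "stage" => "test", "script" => ["run #{scan} (#{template})"] }
  end

  # Render once per (scan, template) pair and hand out deep copies, so that
  # per-action tags and variables never leak into the cached entry.
  def fetch(scan, template)
    cached = (@cache[[scan, template]] ||= render_template(scan, template))
    Marshal.load(Marshal.dump(cached))
  end
end

# Build one job per action; action-specific parts are applied after the cache lookup.
def jobs_for(actions, cache)
  actions.each_with_index.map do |action, index|
    job = cache.fetch(action["scan"], action.fetch("template", "default"))
    job["tags"] = action["tags"] if action["tags"]
    job["variables"] = action["variables"] if action["variables"]
    ["#{action['scan']}-#{index}", job]
  end.to_h
end

# Constructed sample: actions cycling through every scan/template combination.
COMBOS = %w[container_scanning sast sast_iac secret_detection].product(%w[default latest]).freeze

def sample_actions(count)
  Array.new(count) do |i|
    scan, template = COMBOS[i % COMBOS.size]
    { "scan" => scan, "tags" => ["unconfigured-runner"], "template" => template,
      "variables" => { "FOO" => "value-#{i}" } }
  end
end

if __FILE__ == $PROGRAM_NAME
  cache = TemplateCache.new
  puts "#{jobs_for(sample_actions(1000), cache).size} jobs, #{cache.renders} renders"
end
```

With the constructed input, 1,000 actions need only 8 renders, one per scan type and template combination.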

Relevant links

See #436545 (comment 1976985099) for other suggestions.

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

How to measure production performance

Generate an SEP with a large number of actions, have them rendered for a pipeline, then cancel the pipeline immediately after its creation. Additionally, set non-existent runner tags for each action.

# frozen_string_literal: true

require "securerandom"
require "yaml"

USAGE = "Usage: ruby #{__FILE__} <number of policies>".freeze
TAG = "unconfigured-runner".freeze
SCAN_TYPES = %w[container_scanning sast sast_iac secret_detection].freeze

def action
  {
    "scan" => SCAN_TYPES.sample,
    "tags" => [TAG],
    "template" => %w[default latest].sample,
    "variables" => { "FOO" => SecureRandom.alphanumeric(10) }
  }
end

def policy(n)
  {
    "type" => "scan_execution_policy",
    "name" => "Test policy",
    "enabled" => true,
    "rules" => [{ "type" => "pipeline", "branches" => ["*"] }],
    "actions" => Array.new(n) { action }
  }
end

puts policy(ARGV.first&.to_i || raise(USAGE)).to_yaml

# Requires a `CANCEL_TOKEN` PAT
cancel:
  stage: test
  retry: 2
  image:
    name: alpine
  script: |
    apk add curl
    curl --fail --header "PRIVATE-TOKEN: $CANCEL_TOKEN" --request "POST" "https://$CI_SERVER_FQDN/api/v4/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/cancel"

Verification steps

Verify performance improvements with the execution duration histogram added by #472191 (closed).

Edited by Dominic Bauer