Gitlab Agent should persist OCS status

Problem statement

Users have no way of seeing the status of the last OCS run. Currently the only way to find out whether a run succeeded, failed or is still in progress is to go through the agent logs.

Proposal

We could create a ConfigMap for storing the OCS status, with one entry per scanned namespace. Each value is a small JSON document whose status is one of Failed, Success or Running, whose last_run_timestamp is a Unix timestamp in seconds, and whose vulnerabilities_found is the count from the last completed run.

Assuming OCS runs for two namespaces, the ConfigMap named ocs-status would contain the following information:

Key          Value
namespace1   {
               "status": "Failed/Success/Running",
               "last_run_timestamp": "1720787503",
               "vulnerabilities_found": 1025
             }
namespace2   {
               "status": "Failed/Success/Running",
               "last_run_timestamp": "1720787503",
               "vulnerabilities_found": 117
             }

Persisting the OCS status could be made configurable in the Helm chart. Since it will initially be used only for OCS integration tests, it will be disabled by default. In the future it can be enabled by default when we want to build this functionality into Gitlab.

Relates to

Implementation Plan

Gitlab Agent Helm Chart

Similar to #472228 (comment 2072039578), I've opted to introduce this config via the agent config, as it is preferred over the Helm chart based on feedback by the Gitlab Agent maintainer.

Gitlab Agent

  • Read PERSIST_OCS_STATUS from the agent config and pass it to the worker as a new field
  • During init, make sure that the ConfigMap exists if PERSIST_OCS_STATUS is true
  • Extend the OCS scanner so that it persists the status in the ConfigMap if PERSIST_OCS_STATUS is true. Because namespaces are scanned in parallel, only the main thread should write to the ConfigMap. We should add this code here.
  • Verify that it works
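As an added example (not the agent's own code), the following Go sketch ties the ConfigMap layout from the proposal to the single-writer rule from the plan above: namespaces are scanned in parallel, but every result is funnelled through a channel so that only the calling goroutine assembles the per-namespace JSON that would become the data of the ocs-status ConfigMap. The scan hook, the Running/Success/Failed transitions and the sample results are assumptions for illustration; the PERSIST_OCS_STATUS gate and the actual write to the cluster (for instance via client-go) are left out.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"sync"
	"time"
)

// ScanStatus is the per-namespace value proposed for the ocs-status
// ConfigMap: each namespace key holds one JSON document of this shape.
type ScanStatus struct {
	Status               string `json:"status"`                // "Running", "Success" or "Failed"
	LastRunTimestamp     string `json:"last_run_timestamp"`    // Unix seconds, kept as a string as in the proposal
	VulnerabilitiesFound int    `json:"vulnerabilities_found"`
}

// scanResult is what each scanning goroutine hands back to the main goroutine.
type scanResult struct {
	namespace string
	vulns     int
	err       error
}

// runScans scans the namespaces in parallel (scan is a hypothetical hook for the
// real per-namespace OCS scan) but funnels every result through a channel, so only
// the calling goroutine writes to the returned map: the ConfigMap's .data layout.
func runScans(namespaces []string, scan func(string) (int, error), now time.Time) (map[string]string, error) {
	data := make(map[string]string, len(namespaces))
	ts := strconv.FormatInt(now.Unix(), 10)
	// Record "Running" up front so an agent crash mid-scan leaves a visible
	// Running entry instead of a stale Success from the previous run.
	for _, ns := range namespaces {
		if err := putStatus(data, ns, ScanStatus{Status: "Running", LastRunTimestamp: ts}); err != nil {
			return nil, err
		}
	}

	results := make(chan scanResult)
	var wg sync.WaitGroup
	for _, ns := range namespaces {
		wg.Add(1)
		go func(ns string) {
			defer wg.Done()
			n, err := scan(ns)
			results <- scanResult{namespace: ns, vulns: n, err: err}
		}(ns)
	}
	go func() { wg.Wait(); close(results) }()

	// Single writer: no mutex needed, and the real ConfigMap update would be
	// issued once here, after all workers have finished.
	for r := range results {
		st := ScanStatus{Status: "Success", LastRunTimestamp: ts, VulnerabilitiesFound: r.vulns}
		if r.err != nil {
			st.Status = "Failed"
		}
		if err := putStatus(data, r.namespace, st); err != nil {
			return nil, err
		}
	}
	return data, nil
}

func putStatus(data map[string]string, ns string, st ScanStatus) error {
	b, err := json.Marshal(st)
	if err != nil {
		return err
	}
	data[ns] = string(b)
	return nil
}

// readStatus parses one entry back; a namespace that was never scanned is an
// error, not a zero-valued "Success".
func readStatus(data map[string]string, ns string) (ScanStatus, error) {
	raw, ok := data[ns]
	if !ok {
		return ScanStatus{}, fmt.Errorf("no OCS status recorded for namespace %q", ns)
	}
	var st ScanStatus
	if err := json.Unmarshal([]byte(raw), &st); err != nil {
		return ScanStatus{}, fmt.Errorf("namespace %q: malformed status entry: %w", ns, err)
	}
	return st, nil
}

func main() {
	// Constructed sample run: namespace1 succeeds, namespace2 fails.
	fake := func(ns string) (int, error) {
		if ns == "namespace2" {
			return 0, fmt.Errorf("registry unreachable")
		}
		return 1025, nil
	}
	data, err := runScans([]string{"namespace1", "namespace2"}, fake, time.Unix(1720787503, 0))
	if err != nil {
		panic(err)
	}
	fmt.Println(data)
}
```

Once such a map is written to the cluster, a user can answer the question in the problem statement with `kubectl get configmap ocs-status -n <agent namespace> -o yaml` instead of reading logs. Writing the Running entries before the workers start is a deliberate choice: a run that dies halfway then shows as Running rather than as a stale Success from the previous run, which is the failure mode a status record exists to surface.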