### Overview After introducing the background job to toggle project-level setting of [Secret Push Protection](https://docs.gitlab.com/ee/user/application_security/secret_detection/secret_push_protection) for all projects nested in a group in https://gitlab.com/gitlab-org/gitlab/-/issues/502826, we have to allow security teams to enqueue this background job via some API interface. For this reason, we should introduce a new GraphQL mutation that will accept a group ID and run this background job. ### Proposal * [ ] Create a new [GraphQL mutation](https://docs.gitlab.com/ee/development/api_graphql_styleguide.html#mutations) to enqueue the background job from #502826 for all projects nested in a group. ### Requirements * The mutation should accept a group ID to run the background job. * The mutation should be idempotent (i.e., it should not enqueue another job while one is already running). * The mutation should only be accessible to group members with `maintainer` or higher roles. ## Implementation plan * [x] Create new mutation `ee/app/graphql/mutations/security/ci_configuration/set_group_secret_push_protection.rb` and define new arguments * group_path --\> requierd * enabled --\> requierd * projects_to_exclude --\> optional * [x] Add the new mutation in `ee/app/graphql/ee/types/mutation_type.rb.` * [x] Call the new worker from #502826 on the `resolve` function with the latest arguments. * [x] Add unit test for the new arguments and the requirements * [x] Add documentation for the new mutation with examples of the arguments * [x] Add a new changelog entry