Allow comment on GQL vulnerabilityResolve mutation

What does this MR do and why?

This MR allows the vulnerabilityResolve GQL mutation to receive a comment field, as part of the backend changes supporting &4649 (closed).

How to set up and validate locally

  • On a project with vulnerabilities, enable the :deprecate_vulnerabilities_feedback feature flag.
    Feature.enable(:deprecate_vulnerabilities_feedback, Project.find(project_id))
  • Note down the ID of a vulnerability that is not resolved from the Security and Compliance -> Vulnerability Report page on the project.
  • Run the following query via /-/graphql-explorer:
    mutation($input: VulnerabilityResolveInput!) {
      vulnerabilityResolve(input: $input) {
        vulnerability {
          id
          state
          stateComment
        }
      }
    }

    {
      "input": {
        "id": "gid://gitlab/Vulnerability/<vulnerability_id>",
        "clientMutationId": "ANY_STRING",
        "comment": "Test Resolve Comment"
      }
    }
  • Check the state change and comment have been persisted:
    query {
      vulnerability(id: "gid://gitlab/Vulnerability/553") {
        id
        state
        stateComment
      }
    }

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #373969 (closed)

Edited by Malcolm Locke
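The validation steps above can be scripted. The following is an added example, not code from this MR or from GitLab: it builds the vulnerabilityResolve request and checks that the response shows both the state change and the comment. It assumes the feature flag from the first step is enabled, the standard `/api/graphql` endpoint with a Bearer token, and `RESOLVED` as the resulting state; the base URL, token and sample responses are constructed.

```python
import json
import urllib.request

MUTATION = """
mutation($input: VulnerabilityResolveInput!) {
  vulnerabilityResolve(input: $input) {
    vulnerability { id state stateComment }
  }
}
"""

def gid(vulnerability_id):
    # int() rejects anything but a numeric ID before it reaches the global ID
    return f"gid://gitlab/Vulnerability/{int(vulnerability_id)}"

def build_request(base_url, token, vulnerability_id, comment):
    """POST for the mutation; send it with urllib.request.urlopen(req)."""
    body = {"query": MUTATION,
            "variables": {"input": {"id": gid(vulnerability_id), "comment": comment}}}
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/graphql",  # assumed endpoint
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"},  # assumed auth scheme
        method="POST")

def check_response(response, vulnerability_id, comment):
    """Return a list of problems; an empty list means state and comment persisted."""
    if response.get("errors"):  # top-level GraphQL errors, e.g. permission denied
        return [e.get("message", "unknown error") for e in response["errors"]]
    payload = (response.get("data") or {}).get("vulnerabilityResolve") or {}
    vuln = payload.get("vulnerability")
    if not vuln:
        return ["no vulnerability in response"]
    expected = {"id": gid(vulnerability_id), "state": "RESOLVED", "stateComment": comment}
    return [f"{k}: expected {v!r}, got {vuln.get(k)!r}"
            for k, v in expected.items() if vuln.get(k) != v]

# Constructed sample responses (not captured from a real instance)
SAMPLE_OK = {"data": {"vulnerabilityResolve": {"vulnerability": {
    "id": "gid://gitlab/Vulnerability/553", "state": "RESOLVED",
    "stateComment": "Test Resolve Comment"}}}}
SAMPLE_NO_COMMENT = {"data": {"vulnerabilityResolve": {"vulnerability": {
    "id": "gid://gitlab/Vulnerability/553", "state": "RESOLVED",
    "stateComment": None}}}}

if __name__ == "__main__":
    print(check_response(SAMPLE_OK, 553, "Test Resolve Comment"))
    print(check_response(SAMPLE_NO_COMMENT, 553, "Test Resolve Comment"))
```

A response with `state` set but `stateComment` null, as in the second sample, is what the check reports when the comment was accepted by the mutation but not persisted.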