Add routes, controller and view to group level dependencies

What does this MR do and why?

Describe in detail what your merge request does and why.

Add routes, controller and view to group level dependencies keeping it aligned as much as possible with the project level controller. Note that the data is being fetched from a different source through.

EE: true Changelog: added

Related issue: #408837 (closed)

Migrate/Rollback

For index:

CREATE INDEX idx_sbom_occurrences_on_project_id_and_source_id ON sbom_occurrences (project_id, source_id);

$ bundle exec rails db:migrate
main: == [advisory_lock_connection] object_id: 227940, pg_backend_pid: 70376
main: == 20230605093005 AddIndexForSbomOccurrencesOnProjectIdSourceId: migrating ====
main: -- transaction_open?()
main:    -> 0.0000s
main: -- view_exists?(:postgres_partitions)
main:    -> 0.0692s
main: -- index_exists?(:sbom_occurrences, [:project_id, :source_id], {:name=>"idx_sbom_occurrences_on_project_id_and_source_id", :algorithm=>:concurrently})
main:    -> 0.0039s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0002s
main: -- add_index(:sbom_occurrences, [:project_id, :source_id], {:name=>"idx_sbom_occurrences_on_project_id_and_source_id", :algorithm=>:concurrently})
main:    -> 0.0065s
main: -- execute("RESET statement_timeout")
main:    -> 0.0002s
main: == 20230605093005 AddIndexForSbomOccurrencesOnProjectIdSourceId: migrated (0.0918s)

main: == [advisory_lock_connection] object_id: 227940, pg_backend_pid: 70376
ci: == [advisory_lock_connection] object_id: 228180, pg_backend_pid: 70378
ci: == 20230605093005 AddIndexForSbomOccurrencesOnProjectIdSourceId: migrating ====
ci: -- transaction_open?()
ci:    -> 0.0000s
ci: -- view_exists?(:postgres_partitions)
ci:    -> 0.0005s
ci: -- index_exists?(:sbom_occurrences, [:project_id, :source_id], {:name=>"idx_sbom_occurrences_on_project_id_and_source_id", :algorithm=>:concurrently})
ci:    -> 0.0048s
ci: -- execute("SET statement_timeout TO 0")
ci:    -> 0.0003s
ci: -- add_index(:sbom_occurrences, [:project_id, :source_id], {:name=>"idx_sbom_occurrences_on_project_id_and_source_id", :algorithm=>:concurrently})
ci:    -> 0.0053s
ci: -- execute("RESET statement_timeout")
ci:    -> 0.0010s
ci: == 20230605093005 AddIndexForSbomOccurrencesOnProjectIdSourceId: migrated (0.0411s)

ci: == [advisory_lock_connection] object_id: 228180, pg_backend_pid: 70378

$ bundle exec rails db:rollback:main
main: == [advisory_lock_connection] object_id: 227700, pg_backend_pid: 72283
main: == 20230605093005 AddIndexForSbomOccurrencesOnProjectIdSourceId: reverting ====
main: -- transaction_open?()
main:    -> 0.0000s
main: -- view_exists?(:postgres_partitions)
main:    -> 0.0752s
main: -- indexes(:sbom_occurrences)
main:    -> 0.0036s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0002s
main: -- remove_index(:sbom_occurrences, {:algorithm=>:concurrently, :name=>"idx_sbom_occurrences_on_project_id_and_source_id"})
main:    -> 0.0019s
main: -- execute("RESET statement_timeout")
main:    -> 0.0002s
main: == 20230605093005 AddIndexForSbomOccurrencesOnProjectIdSourceId: reverted (0.0915s)

main: == [advisory_lock_connection] object_id: 227700, pg_backend_pid: 72283

Query plan

Link to query plan: https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/19174/commands/63301

SELECT 
  "sbom_occurrences".* 
FROM 
  "sbom_occurrences" 
WHERE 
  "sbom_occurrences"."project_id" IN (
    SELECT 
      "projects"."id" 
    FROM 
      "projects" 
    WHERE 
      "projects"."namespace_id" IN (
        SELECT 
          namespaces.traversal_ids[array_length(namespaces.traversal_ids, 1) ] AS id 
        FROM 
          "namespaces" 
        WHERE 
          "namespaces"."type" = 'Group' 
          AND (
            traversal_ids @ > ('{66358311}')
          )
      )
  ) 
ORDER BY 
  "sbom_occurrences"."id" ASC 
LIMIT 
  25 OFFSET 0;

Link to a query plans with filter: sbom_sources and sbom_occurrences

SELECT "sbom_sources"."id" FROM "sbom_sources" WHERE (source->'package_manager'->>'name' IN ('bundler'));

SELECT "sbom_occurrences".* FROM "sbom_occurrences" WHERE "sbom_occurrences"."project_id" IN (SELECT "projects"."id" FROM "projects" WHERE "projects"."namespace_id" IN (SELECT namespaces.traversal_ids[array_length(namespaces.traversal_ids, 1)] AS id FROM "namespaces" WHERE "namespaces"."type" = 'Group' AND (traversal_ids @> ('{66358311}')))) AND "sbom_occurrences"."source_id" IN (9209,2527259,665036,434035,2166664,110,1313,1747555,5065,826257,826259,2072448,826556,8698,1074375,1712366,58956,49393,244431,205104,1375759,15625,123,3386,20860,3417,2073760,116,115,1271239,12152,17935,17936,5076,5374,40766,40574,1671,5723,20920,594) ORDER BY "sbom_occurrences"."id" ASC LIMIT 25 OFFSET 0;

Screenshots or screen recordings

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.

changed milestone to %16.1

added Category:Dependency Management GitLab Ultimate Threat InsightsTangerine backend devopsgovern groupthreat insights sectionsec typefeature workflowin dev labels

assigned to @zmartins

marked this merge request as draft

changed title from Add routes, controller and view to to Draft: Add routes, controller and view to group level dependencies

added frontend label

	9 Warnings
	This MR has a Changelog commit with the EE: true trailer, but there are database changes which requires the Changelog commit to not have the EE: true trailer. Consider removing the EE: true trailer from your commits.
	bfff15b1: The commit subject must start with a capital letter. For more information, take a look at our Commit message guidelines.
	882b85bd: The commit subject must start with a capital letter. For more information, take a look at our Commit message guidelines.
	cc24674a: The commit subject must contain at least 3 words. For more information, take a look at our Commit message guidelines.
	cc24674a: Commits that change 30 or more lines across at least 3 files should describe these changes in the commit body. For more information, take a look at our Commit message guidelines.
	5d192a71: The commit subject must contain at least 3 words. For more information, take a look at our Commit message guidelines.
	6ef490d6: The commit subject must start with a capital letter. For more information, take a look at our Commit message guidelines.
	6ef490d6: Commits that change 30 or more lines across at least 3 files should describe these changes in the commit body. For more information, take a look at our Commit message guidelines.
	featureaddition and featureenhancement merge requests normally have a documentation change. Consider adding a documentation update or confirming the documentation plan with the Technical Writer counterpart. For more information, see: The Handbook page on merge request types. The definition of done documentation.

Reviewer roulette

Changes that require review have been detected!

Please refer to the table below for assigning reviewers and maintainers suggested by Danger in the specified category:

Category	Reviewer	Maintainer
backend	Eduardo Bonet (@eduardobonet) (UTC+2, 2 hours ahead of @zmartins)	Vitali Tatarintev (@ck3g) (UTC+2, 2 hours ahead of @zmartins)
database	Dmytro Biryukov (@dbiryukov) (UTC+2, 2 hours ahead of @zmartins)	Diogo Frazão (@dfrazao-gitlab) (UTC+2, 2 hours ahead of @zmartins)
frontend	Laura Meckley (@lmeckley) (UTC-6, 6 hours behind @zmartins)	Alexander Turinske (@aturinske) (UTC+9, 9 hours ahead of @zmartins)
~"migration"	No reviewer available	No maintainer available

To spread load more evenly across eligible reviewers, Danger has picked a candidate for each review slot, based on their timezone. Feel free to override these selections if you think someone else would be better-suited or use the GitLab Review Workload Dashboard to find other available reviewers.

To read more on how to use the reviewer roulette, please take a look at the Engineering workflow and code review guidelines. Please consider assigning a reviewer or maintainer who is a domain expert in the area of the merge request.

Once you've decided who will review this merge request, assign them as a reviewer! Danger does not automatically notify them for you.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

Allure report

allure-report-publisher generated test report!

e2e-review-qa: test report for bfff15b1

expand test summary

+-------------------------------------------------------------+
|                       suites summary                        |
+--------+--------+--------+---------+-------+-------+--------+
|        | passed | failed | skipped | flaky | total | result |
+--------+--------+--------+---------+-------+-------+--------+
| Govern | 21     | 0      | 0       | 0     | 21    | ✅     |
+--------+--------+--------+---------+-------+-------+--------+
| Total  | 21     | 0      | 0       | 0     | 21    | ✅     |
+--------+--------+--------+---------+-------+-------+--------+

e2e-test-on-gdk: test report for bfff15b1

expand test summary

+-----------------------------------------------------------------------+
|                            suites summary                             |
+------------------+--------+--------+---------+-------+-------+--------+
|                  | passed | failed | skipped | flaky | total | result |
+------------------+--------+--------+---------+-------+-------+--------+
| Data Stores      | 2      | 0      | 0       | 1     | 2     | ❗     |
| Create           | 8      | 0      | 1       | 0     | 9     | ✅     |
| Framework sanity | 0      | 0      | 1       | 0     | 1     | ➖     |
| Plan             | 4      | 0      | 0       | 0     | 4     | ✅     |
| Monitor          | 4      | 0      | 0       | 0     | 4     | ✅     |
| Manage           | 1      | 0      | 0       | 0     | 1     | ✅     |
| Govern           | 2      | 0      | 0       | 0     | 2     | ✅     |
+------------------+--------+--------+---------+-------+-------+--------+
| Total            | 21     | 0      | 2       | 1     | 23    | ❗     |
+------------------+--------+--------+---------+-------+-------+--------+

e2e-package-and-test: test report for bfff15b1

expand test summary

+-------------------------------------------------------------+
|                       suites summary                        |
+--------+--------+--------+---------+-------+-------+--------+
|        | passed | failed | skipped | flaky | total | result |
+--------+--------+--------+---------+-------+-------+--------+
| Govern | 96     | 0      | 2       | 8     | 98    | ❗     |
+--------+--------+--------+---------+-------+-------+--------+
| Total  | 96     | 0      | 2       | 8     | 98    | ❗     |
+--------+--------+--------+---------+-------+-------+--------+

deleted the extend_dependencies_finder_to_group branch. This merge request now targets the master branch

added database databasereview pending labels

added 1062 commits

• 791cda07...7af1b475 - 1061 commits from branch master
• da2f452a - Add routes, controller and view to

Compare with previous version

added 1 commit

• 07a157ab - Add routes, controller and view to

Compare with previous version

added feature flag label

mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@0cf1ed23

added 252 commits

• 07a157ab...04b4da1c - 251 commits from branch master
• 9add0e7d - Add routes, controller and view to

Compare with previous version

mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@c55016b3

added 1 commit

• df8718f3 - Add routes, controller and view to

Compare with previous version

changed the description

mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@4a740e27