Add Dependency list to Explore page
What does this MR do and why?
This MR contains a spike implementation of a global dependency list that is available under /explore/dependencies. This initial version of the Dependency list is gated behind a feature flag and only available to instance admins. It requires membership to the default organization and removes features such as exporting, filtering, sorting, grouping, and advanced pagination.
SELECT
"sbom_occurrences"."id",
"sbom_occurrences"."created_at",
"sbom_occurrences"."updated_at",
"sbom_occurrences"."component_version_id",
"sbom_occurrences"."project_id",
"sbom_occurrences"."pipeline_id",
"sbom_occurrences"."source_id",
"sbom_occurrences"."commit_sha",
"sbom_occurrences"."component_id",
"sbom_occurrences"."uuid",
"sbom_occurrences"."package_manager",
"sbom_occurrences"."component_name",
"sbom_occurrences"."input_file_path",
"sbom_occurrences"."licenses",
"sbom_occurrences"."highest_severity",
"sbom_occurrences"."vulnerability_count",
"sbom_occurrences"."source_package_id"
FROM "sbom_occurrences"
INNER JOIN "projects" ON "sbom_occurrences"."project_id" = "projects"."id"
WHERE "projects"."organization_id" = 1
ORDER BY "sbom_occurrences"."id" ASC
LIMIT 20
OFFSET 0;
Time: 25.281 ms
- planning: 7.076 ms
- execution: 18.205 ms
- I/O read: 17.753 ms
- I/O write: 0.000 ms
Shared buffers:
- hits: 82 (~656.00 KiB) from the buffer pool
- reads: 14 (~112.00 KiB) from the OS file cache, including disk I/O
- dirtied: 0
- writes: 0
https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/25779/commands/81260
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
How to set up and validate locally
- Enable the explore_dependencies feature flag.
  Feature.enable(:explore_dependencies)
- Log in as an instance admin.
- Ensure membership in the default organization.
  ::Organizations::OrganizationUser.create_default_organization_record_for(1, user_is_admin: true)
- Open http://gdk.test:3000/explore/dependencies
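The access gate and organization scoping described in the MR description above, as an added Ruby sketch that is not code from this merge request or from GitLab. Every struct, method and constant name in it is hypothetical, and the sample records are constructed.

```ruby
# Added illustration, not GitLab code. All names below are hypothetical.
User = Struct.new(:id, :admin, :organization_ids, keyword_init: true)
Project = Struct.new(:id, :organization_id, keyword_init: true)
Occurrence = Struct.new(:id, :project_id, :component_name, keyword_init: true)

DEFAULT_ORGANIZATION_ID = 1
PAGE_SIZE = 20

class AccessDenied < StandardError; end

# Deny by default: the flag, the admin check and the default-organization
# membership named in the description must all hold.
def can_explore_dependencies?(user, flags:)
  return false if user.nil?
  return false unless flags.include?(:explore_dependencies)
  return false unless user.admin

  user.organization_ids.include?(DEFAULT_ORGANIZATION_ID)
end

# Same shape as the SQL above: join occurrences to projects, keep rows whose
# project belongs to the organization, order by id, return one page.
def organization_occurrences(occurrences, projects, organization_id, page: 1)
  project_ids = projects.select { |p| p.organization_id == organization_id }.map(&:id)
  occurrences
    .select { |o| project_ids.include?(o.project_id) }
    .sort_by(&:id)
    .drop((page - 1) * PAGE_SIZE)
    .first(PAGE_SIZE)
end

# Authorization runs before any data is loaded; the organization is fixed
# server-side rather than taken from a request parameter.
def explore_dependencies(user, flags:, occurrences:, projects:, page: 1)
  raise AccessDenied unless can_explore_dependencies?(user, flags: flags)

  organization_occurrences(occurrences, projects, DEFAULT_ORGANIZATION_ID, page: page)
end

# Constructed sample data: project 20 belongs to a different organization.
PROJECTS = [
  Project.new(id: 10, organization_id: 1),
  Project.new(id: 20, organization_id: 2)
].freeze
OCCURRENCES = [
  Occurrence.new(id: 3, project_id: 20, component_name: "rack"),
  Occurrence.new(id: 2, project_id: 10, component_name: "rails"),
  Occurrence.new(id: 1, project_id: 10, component_name: "nokogiri")
].freeze
ADMIN_MEMBER = User.new(id: 1, admin: true, organization_ids: [1])
ADMIN_OUTSIDER = User.new(id: 2, admin: true, organization_ids: [2])
MEMBER_ONLY = User.new(id: 3, admin: false, organization_ids: [1])
```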
Merge request reports
Activity
added backend groupauthorization labels
assigned to @mokhax
added devopsgovern sectionsec labels
- A deleted user
added frontend label
3 Warnings
- This merge request is quite big (755 lines changed), please consider splitting it into multiple merge requests.
- 8df2137e: Commits that change 30 or more lines across at least 3 files should describe these changes in the commit body. For more information, take a look at our Commit message guidelines.
- featureaddition and featureenhancement merge requests normally have a documentation change. Consider adding a documentation update or confirming the documentation plan with the Technical Writer counterpart.
For more information, see:
- The Handbook page on merge request types.
- The definition of done documentation.
1 Message
- CHANGELOG missing: If this merge request needs a changelog entry, add the Changelog trailer to the commit message you want to add to the changelog. If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.
Reviewer roulette
Category | Reviewer | Maintainer
backend | @robyrne (UTC+0, 7 hours ahead of author) | @alexpooley (UTC+8, 15 hours ahead of author)
database | @dstull (UTC-5, 2 hours ahead of author) | @dfrazao-gitlab (UTC+1, 8 hours ahead of author)
frontend | @elwyn-gitlab (UTC+13, 20 hours ahead of author) | @blabuschagne (UTC+1, 8 hours ahead of author)
~"Authorization" | Reviewer review is optional for ~"Authorization" | @hmehra (UTC+11, 18 hours ahead of author)
Please check reviewer's status!
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
If needed, you can retry the danger-review job that generated this comment.
Generated by Danger
- Resolved by 🤖 GitLab Bot 🤖
Proper labels assigned to this merge request. Please ignore me.
@mokhax - please see the following guidance and update this merge request.
1 Error
- Please add typebug typefeature, or typemaintenance label to this merge request.
Edited by 🤖 GitLab Bot 🤖
E2E Test Result Summary
allure-report-publisher generated test report!
e2e-test-on-gdk:
test report for 5d0b87e3
+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Create      | 8      | 0      | 3       | 0     | 11    | ✅     |
| Govern      | 65     | 0      | 1       | 0     | 66    | ✅     |
| Plan        | 4      | 0      | 0       | 0     | 4     | ✅     |
| Data Stores | 2      | 0      | 0       | 0     | 2     | ✅     |
| Monitor     | 4      | 0      | 0       | 0     | 4     | ✅     |
| Package     | 0      | 0      | 1       | 0     | 1     | ➖     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 83     | 0      | 5       | 0     | 88    | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
e2e-package-and-test:
test report for 5d0b87e3
+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Govern      | 166    | 0      | 14      | 2     | 180   | ✅     |
| Create      | 16     | 0      | 6       | 0     | 22    | ✅     |
| Plan        | 8      | 0      | 0       | 0     | 8     | ✅     |
| Data Stores | 4      | 0      | 0       | 0     | 4     | ✅     |
| Monitor     | 8      | 0      | 0       | 0     | 8     | ✅     |
| Package     | 0      | 0      | 2       | 0     | 2     | ➖     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 202    | 0      | 22      | 2     | 224   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
e2e-review-qa:
test report for 5d0b87e3
+-------------------------------------------------------------+
|                       suites summary                        |
+--------+--------+--------+---------+-------+-------+--------+
|        | passed | failed | skipped | flaky | total | result |
+--------+--------+--------+---------+-------+-------+--------+
| Govern | 3      | 0      | 0       | 0     | 3     | ✅     |
+--------+--------+--------+---------+-------+-------+--------+
| Total  | 3      | 0      | 0       | 0     | 3     | ✅     |
+--------+--------+--------+---------+-------+-------+--------+
Bundle size analysis [beta]
This compares changes in bundle size for entry points between the commits 13e55430 and 5d0b87e3
Special assets
Entrypoint / Name | Size before | Size after | Diff | Diff in percent
average | 4.14 MB | 4.13 MB | - | -0.0 %
mainChunk | 3.13 MB | 3.13 MB | - | 0.0 %
New entry points: 1
Entrypoint / Name | Size before | Size after | Diff | Diff in percent
pages.explore.dependencies | 0 Bytes | 559.58 KB | +559.58 KB | 100.0 %
Note: We do not have exact data for 13e55430. So we have used data from: ae1f8767.
The target commit was too new, so we used the latest commit from master we have info on.
It might help to rerun the bundle-size-review job.
This might mean that you have a few false positives in this report. If something unrelated to your code changes is reported, you can check this comparison in order to see if they caused this change.
Please look at the full report for more details.
Read more about how this report works.
Generated by Danger
added 1 commit
- 19f2348e - Rename NAMESPACE_EXPLORE TO NAMESPACE_ORGANIZATION
mentioned in issue #432264 (closed)
mentioned in issue #438729 (closed)
mentioned in issue #438743 (closed)
mentioned in epic &12460
added 250 commits
- 19f2348e...4bd3b171 - 244 commits from branch master
- 741f0ac6 - Scaffold out explore/dependencies
- 0654d495 - Bootstrap the dependencies app
- 212f51bf - Load SBOM occurrences through the default organization
- 0aa12dd0 - Undo accidental change
- 69637f95 - Rename NAMESPACE_EXPLORE TO NAMESPACE_ORGANIZATION
- 09075ce0 - Restrict access to /explore/dependencies to self managed
- Resolved by mo khan
- Resolved by mo khan
added 228 commits
- 09075ce0...c4eb4dba - 221 commits from branch master
- f4e3b5a0 - Scaffold out explore/dependencies
- 93926a0a - Bootstrap the dependencies app
- 9842e442 - Load SBOM occurrences through the default organization
- c98221c9 - Undo accidental change
- 5fafbaf7 - Rename NAMESPACE_EXPLORE TO NAMESPACE_ORGANIZATION
- c2a693e4 - Restrict access to /explore/dependencies to self managed
- 68e19d02 - Move explore/dependencies menu to /ee
added 1 commit
- c2e2d7c7 - Display explore/dependencies via licensed feature
added Category:Permissions label
added 198 commits
- a32809fa...f8aa321b - 186 commits from branch master
- f8aa321b...56f269b6 - 2 earlier commits
- 82128a02 - Load SBOM occurrences through the default organization
- 3526644b - Undo accidental change
- cf4336f8 - Rename NAMESPACE_EXPLORE TO NAMESPACE_ORGANIZATION
- e02da478 - Restrict access to /explore/dependencies to self managed
- 219d5c8e - Move explore/dependencies menu to /ee
- 80791607 - Display explore/dependencies via licensed feature
- 535978ee - Move explore/dependencies routes to /ee
- 607b7d53 - Move explore/dependencies controller to /ee
- f97ae3ee - Test out the JSON endpoint
- 45e2e0bc - Remove zero occurrences unless an organization, group or project is provided
- A deleted user
added database databasereview pending labels
added 1 commit
- 652781be - Render dependencies at an organization level
- A deleted user
added feature flag label
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@e975c726
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@68d45263
added 2 commits
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@a5fad734
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@78e6c72b
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@8a8ff2f8
added 2 commits
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@02a13ec0
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@321fe6e0
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@392406d9
changed milestone to %16.9
added groupthreat insights label and removed groupauthorization label
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@80edd1ad
added 1 commit
- 23fd3cba - Add spec for rendering dependencies at organization level
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@4e2b8b42
added 332 commits
- 23fd3cba...f28c402c - 302 commits from branch master
- f28c402c...ebb78665 - 20 earlier commits
- a1531bd3 - Paginate without totals to speed up page
- a350fddd - Update finder spec to filter by organization
- a01965ed - Fix up entity serializer
- 9621215b - Check for project on request context
- dc7f525b - Use try instead of ternary operator
- 2bdddda0 - Add N+1 spec
- 19ff8664 - Attempt to load the results efficiently
- 17036822 - Add spec for rendering dependencies at organization level
- 53d66191 - Extract organizationFields property
- 3500d48d - Add spec for Organizations::Organization#sbom_occurrences
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@c4842fe0
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@7732619a
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@ad3a1978
added 2 commits
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@8afea49a
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@1d90463a
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@9a60ff22
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@a06a3907
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@9d61bbec
added 1 commit
- 8090f169 - Hide the export button when the export endpoint is not defined
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@47783552
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@78cbe428
added 846 commits
- 2ee5733b...e555da1f - 805 commits from branch master
- e555da1f...44efa7bb - 31 earlier commits
- 08f42519 - Add rollout issue url
- 52a8b6b4 - Update spec to include through association
- ae8d3287 - Conditionally render dependencies menu
- cc112e72 - Extract include_menu matcher
- 915cd384 - Use matcher to remove duplication
- fe5420d5 - Check feature flag in frontend code
- ec423659 - Hide the export button when the export endpoint is not defined
- 329d98a6 - Disable sorting at organization level
- ce6e9d98 - Bulk create projects in specs
- 9d605238 - Fix N+1 on organization->project->namespace->route
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@b0fcd9fe
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@c0cdcb80
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@559430d4
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@f841fa00
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@d60dfc0d
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@46649d41
- Resolved by Zamir Martins
- Resolved by Brian Williams
- Resolved by Brian Williams
- Resolved by Brian Williams
- Resolved by Brian Williams
added featureaddition label
added typefeature label
- Resolved by Savas Vedova
This is a big MR because it introduces a new page under /explore. I wanted to make sure that the frontend and backend pieces fit nicely together so I worked on both sets of changes in 1 MR. I know that this might not be ideal and I hope you can bear with me for this first MR. Pretty please with sugar on top.
@dpisek do you mind doing a frontend review?
requested review from @zmartins
- Resolved by mo khan
- Resolved by Brian Williams
@mokhax Thanks for working on this. I didn't have a chance to run it locally but I only have a few questions.
removed review request for @zmartins
- Resolved by Brian Williams
- Resolved by Brian Williams
- Resolved by Brian Williams
- Resolved by Brian Williams
added databasereviewed label and removed databasereview pending label
- Resolved by David Pisek
- Resolved by David Pisek
- Resolved by David Pisek
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@5bd0ad0c
added 1 commit
- c4c01761 - Add specs for DependencyEntity with an organization
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@6785a804
added 1 commit
- 6cf4256c - Add spec when signed in as admin with feature not available
added 1 commit
- 38861a65 - Test sign in as admin with feature disabled against JSON endpoint
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@070769da
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@99eb0f17
added 1 commit
- 8df2137e - Disable actions bar for organization in App component
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@1a2b463d
requested review from @zmartins
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@64d9becd
- Resolved by Savas Vedova
@dpisek, thanks for approving this merge request.
This is the first time the merge request has been approved. To ensure we don't only run predictive pipelines, and we don't break master, a new pipeline will be started shortly.
Please wait for the pipeline to start before resolving this discussion and set auto-merge for the new pipeline. See merging a merge request for more details.
added pipeline:mr-approved label
- Resolved by mo khan
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@34b9c1b0
requested review from @bwill
removed review request for @zmartins
revoked approvals from @dpisek by pushing to the branch
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@884cb976
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@18ede082
revoked approvals from @dpisek by pushing to the branch
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@8551b5f2
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@90d3141b
- Resolved by Brian Williams
- Resolved by Brian Williams
- Resolved by Brian Williams
- Resolved by mo khan
removed review request for @bwill
added groupauthorization label and removed groupthreat insights label
added 1 commit
- df9cd8ad - Change feature flag ownership to Authz group
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@6c56bc00
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@f02dccbc
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@069ab2df
added 1 commit
- 1a1084b7 - Render menu when user has access to default organization
added 1171 commits
- 1a1084b7...ab8aeeeb - 1170 commits from branch master
- 5d0b87e3 - Merge branch 'master' into 'mokhax/432264/explore-dependencies'
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@591da9b7
requested review from @mokhax
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@c1880849
removed review request for @bwill
- Resolved by Savas Vedova
@alexbuijs do you mind doing a review for groupauthorization?
requested review from @alexbuijs
added databaseapproved label and removed databasereviewed label
- Resolved by Savas Vedova
mentioned in merge request gitlab-org/ruby/gems/gitlab-dangerfiles!263 (merged)
- Resolved by Alex Buijs
- Resolved by Alex Buijs
removed review request for @alexbuijs
requested review from @svedova
enabled an automatic merge when all merge checks for 5d0b87e3 pass
mentioned in commit gitlab-org-sandbox/gitlab-jh-validation@eb438f7b
Hello @mokhax
The database team is looking for ways to improve the database review process and we would love your help!
If you'd be open to someone on the database team reaching out to you for a chat, or if you'd like to leave some feedback asynchronously, just post a reply to this comment mentioning:
@gitlab-org/database-team
And someone will be by shortly!
Thanks for your help!
This message was generated automatically. You're welcome to improve it.
mentioned in commit 130b5f87
added workflowstaging-canary label
@mokhax This merge request was deployed to the workflowstaging-canary environment. You may want to enable the associated feature flag on this environment with /chatops run feature set explore_dependencies true --staging. This message was generated automatically. You're welcome to improve it.
This merge request was deployed to the workflowcanary environment. You may want to enable the associated feature flag on this environment with /chatops run feature set explore_dependencies true --production. This message was generated automatically. You're welcome to improve it.
This merge request was deployed to the workflowstaging environment. You may want to enable the associated feature flag on this environment with /chatops run feature set explore_dependencies true --staging. This message was generated automatically. You're welcome to improve it.
This merge request was deployed to the workflowproduction environment. You may want to enable the associated feature flag on this environment with /chatops run feature set explore_dependencies true --production. This message was generated automatically. You're welcome to improve it.
added workflowcanary label and removed workflowstaging-canary label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
added releasedcandidate label
mentioned in issue #441683 (closed)
mentioned in issue gitlab-org/quality/triage-reports#17488 (closed)
mentioned in issue gitlab-org/quality/triage-reports#17950 (closed)
mentioned in issue gitlab-org/quality/triage-reports#18483 (closed)
mentioned in issue gitlab-org/quality/triage-reports#18963 (closed)
mentioned in issue gitlab-org/quality/triage-reports#19415 (closed)
mentioned in issue gitlab-org/quality/triage-reports#20641 (closed)
mentioned in issue gitlab-org/quality/triage-reports#20955 (closed)
mentioned in issue gitlab-org/quality/triage-reports#21529 (closed)
mentioned in issue gitlab-org/quality/triage-reports#22018