Reproduce Repository X-Ray functionality - Introduce lock file classes

What does this MR do and why?

Context

In #474306 (comment 2025085630), we decided to migrate the Repository X-Ray functionality into the GitLab Rails monolith. This gives us two main benefits: (i) it will eventually allow us to run the service outside of the CI pipeline, and (ii) we can maintain the parsing logic centrally so that other domains can utilize it.

This MR

This MR is the first step in the migration progress. It introduces the LockFiles::Base class where the intention is for each lock file type to be represented by a child class. The RubyGems child class serves as an example of the implementation.

Next Steps: Eventually we will add all the languages/lock files currently supported in Repository X-Ray. Then we will introduce a lock file parser class that utilizes these LockFiles::Base child classes.

POC: For a more complete picture of the overall implementation, see: Draft: POC - Reproduce base functionality of Re... (!162125 - closed)

Resolves part of #476177 (closed).

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #476177 (closed)

changed milestone to %17.4

added Category:Code Suggestions backend devopscreate feature flagskipped groupcode creation sectiondev typefeature workflowin review labels

assigned to @lma-git

changed the description

added 1 commit

• d2efd316 - Introduce lock file classes

Compare with previous version

mentioned in issue #476177 (closed)

added 1 commit

• 659b1da9 - Introduce lock file classes

Compare with previous version

	1 Message
	CHANGELOG missing: If this merge request needs a changelog entry, add the Changelog trailer to the commit message you want to add to the changelog. If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.

Reviewer roulette

Category	Reviewer	Maintainer
backend	@emeraldjayde (UTC+0, 7 hours ahead of author)	@halilcoban (UTC+2, 9 hours ahead of author)

Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.

If needed, you can retry the danger-review job that generated this comment.

Generated by Danger

marked this merge request as ready

Hi @emeraldjayde! Could you please give this MR a first backend review? If there aren't any blocking suggestions, please forward it to either @jprovaznik or @ck3g for maintainer review. Thank you!

requested review from @emeraldjayde

changed the description

removed review request for @emeraldjayde

added 1 commit

• 687bc789 - Introduce lock file classes

Compare with previous version

added 1 commit

• d550a9fe - Introduce lock file classes

Compare with previous version

requested review from @emeraldjayde

added 1 commit

• 1b400eae - Update Gemfile.lock version spec

Compare with previous version

LGTM, left a few comments/thoughts, then it should be good to go!

added 527 commits

• 1b400eae...e70a4184 - 524 commits from branch master
• d65c69aa - Introduce lock file classes
• ed4f18b3 - Update Gemfile.lock version spec
• 1d17d53f - Add comment with Gemfile.lock example

Compare with previous version

requested review from @emeraldjayde

added 1 commit

• 4ce248ec - Add comment with Gemfile.lock example

Compare with previous version

LGTM!

approved this merge request

added pipeline:mr-approved label

added pipelinetier-2 label

Can we get a maintainer review please @mikolaj_wawrzyniak ?

requested review from @mikolaj_wawrzyniak and removed review request for @emeraldjayde

suggestion: It looks that there is already SSoT for language naming in this repository, see https://gitlab.com/gitlab-org/gitlab/blob/dcc5cc691b48a6823f56dfb679bced4641e8a6a9/ee/lib/code_suggestions/programming_language.rb#L142 Please consider replacing hardcoded name with reference to SSOT

created #479148 to continue this discussion

Thanks for pointing that out! I've updated the code to make use of that constant.

NOTE: It looks like that hash isn't fully up-to-date because it doesn't include kotlin nor php, etc. So it probably hasn't been supporting the other languages this whole time . This hash will be updated as we proceed with adding more lock file classes with this new approach though.

cc: @ck3g @emeraldjayde

changed this line in version 8 of the diff

created #480033 (closed) to continue this discussion

mentioned in issue #479148

approved this merge request

added pipelinetier-3 pipeline:run-e2e-omnibus-once labels and removed pipelinetier-2 label

Before you set this MR to auto-merge

This merge request will progress on pipeline tiers until it reaches the last tier: pipelinetier-3. We will trigger a new pipeline for each transition to a higher tier.

Before you set this MR to auto-merge, please check the following:

• You are the last maintainer of this merge request
• The latest pipeline for this merge request is pipelinetier-3 (You can find which tier it is in the pipeline name)
• This pipeline is recent enough (created in the last 8 hours)

If all the criteria above apply, please set auto-merge for this merge request.

See pipeline tiers and merging a merge request for more details.

enabled automatic add to merge train when checks pass

Thank you @lma-git I left few comments, but non of them was significant enough to block this MR, please take a look at follow up issue #479148

E2E Test Result Summary

allure-report-publisher generated test report!

e2e-test-on-gdk: test report for 7402a6ee

expand test summary

+------------------------------------------------------------------+
|                          suites summary                          |
+-------------+--------+--------+---------+-------+-------+--------+
|             | passed | failed | skipped | flaky | total | result |
+-------------+--------+--------+---------+-------+-------+--------+
| Plan        | 70     | 0      | 0       | 0     | 70    | ✅     |
| Verify      | 44     | 0      | 2       | 0     | 46    | ✅     |
| Create      | 127    | 0      | 12      | 0     | 139   | ✅     |
| Govern      | 71     | 0      | 0       | 0     | 71    | ✅     |
| Fulfillment | 2      | 0      | 0       | 0     | 2     | ✅     |
| Data Stores | 31     | 0      | 1       | 0     | 32    | ✅     |
| Package     | 16     | 0      | 12      | 0     | 28    | ✅     |
| Monitor     | 8      | 0      | 0       | 0     | 8     | ✅     |
| Analytics   | 2      | 0      | 0       | 0     | 2     | ✅     |
| Release     | 5      | 0      | 0       | 0     | 5     | ✅     |
| Manage      | 1      | 0      | 1       | 0     | 2     | ✅     |
| Secure      | 2      | 0      | 0       | 0     | 2     | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+
| Total       | 379    | 0      | 28      | 0     | 407   | ✅     |
+-------------+--------+--------+---------+-------+-------+--------+

e2e-package-and-test: test report for 4ce248ec

expand test summary

+-------------------------------------------------------------+
|                       suites summary                        |
+--------+--------+--------+---------+-------+-------+--------+
|        | passed | failed | skipped | flaky | total | result |
+--------+--------+--------+---------+-------+-------+--------+
| Create | 417    | 0      | 51      | 0     | 468   | ✅     |
+--------+--------+--------+---------+-------+-------+--------+
| Total  | 417    | 0      | 51      | 0     | 468   | ✅     |
+--------+--------+--------+---------+-------+-------+--------+

removed pipeline:run-e2e-omnibus-once label

mentioned in issue #479185 (closed)

aborted automatic add to merge train because the source branch was updated. Learn more.

added 1 commit

• 7402a6ee - Apply code suggestions

Compare with previous version