Resolve "Display badge on AI-resolvable items within the MR report"
What does this MR do and why?
This code diff introduces a new feature to the Merge Request widget. It adds a badge to vulnerabilities that can be resolved using AI. This badge is only shown if the user has the ability to resolve vulnerabilities with AI and the vulnerability has AI resolution enabled.
Additionally, the feature flag (`resolve_vulnerability_in_mr`) for resolving vulnerabilities in the merge request must be enabled.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- Import this project: https://gitlab.com/gitlab-org/govern/threat-insights-demos/verification-projects/cwe-tests
- DO NOT RUN A PIPELINE AGAINST MASTER
- Add a small change, e.g. add a README and create a new MR
- Run pipeline
- Reload MR page after pipeline has finished
- Verify that the badges are NOT showing
- Enable the FF: `echo 'Feature.enable(:resolve_vulnerability_in_mr)' | rails c`
- Verify that the badges are showing
Related to #482900 (closed)
Merge request reports
Activity
changed milestone to %17.5
assigned to @dpisek
added pipelinetier-1 label
2 Warnings
- featureaddition and featureenhancement merge requests normally have a documentation change. Consider adding a documentation update or confirming the documentation plan with the Technical Writer counterpart.
  For more information, see:
  - The Handbook page on merge request types.
  - The definition of done documentation.
- This merge request contains lines with testid selectors. Please ensure `e2e:test-on-omnibus` job is run.
2 Messages
- This merge request includes changes to Vue files that have both CE and EE versions.
- CHANGELOG missing: If this merge request needs a changelog entry, add the `Changelog` trailer to the commit message you want to add to the changelog. If this merge request doesn't need a CHANGELOG entry, feel free to ignore this message.
Vue `<template>` in CE and EE
Some Vue files in CE have a counterpart in EE. (For example, `path/to/file.vue` and `ee/path/to/file.vue`.) When run in the context of CE, the `<template>` of the CE Vue file is used. When run in the context of EE, the `<template>` of the EE Vue file is used.
It's easy to accidentally make a change to a CE `<template>` that should appear in both CE and EE without making the change in both places. When this happens, the change only takes effect in CE.
The following Vue files were changed as part of this merge request that include both a CE and EE version of the file:
- ee/app/assets/javascripts/vue_merge_request_widget/widgets/security_reports/mr_widget_security_reports.vue
If you made a change to the `<template>` of any of these Vue files that should be visible in both CE and EE, please ensure you have made your change to both versions of the file.
A better alternative
An even better alternative is to refactor this component to only use a single template for both CE and EE. More info on this approach here: https://docs.gitlab.com/ee/development/ee_features.html#template-tag
`testid` selectors
The following changed lines in this MR contain `testid` selectors:
ee/app/assets/javascripts/vue_merge_request_widget/widgets/security_reports/mr_widget_security_reports.vue
+ data-testid="ai-resolvable-badge"
If the `e2e:test-on-omnibus` job in the `qa` stage has run automatically, please ensure the tests are passing. If the job has not run, please start the `manual:e2e-test-pipeline-generate` job in the `prepare` stage and ensure the tests in `follow-up:e2e:test-on-omnibus-ee` pipeline are passing.
For the list of known failures please refer to the latest pipeline triage issue.
If your changes are under a feature flag, please check our Testing with feature flags documentation for instructions.
Reviewer roulette
Category | Reviewer | Maintainer |
---|---|---|
frontend | @syarynovskyi (UTC+3, 1 hour ahead of author) | @psjakubowska (UTC+2, same timezone as author) |
Please refer to documentation page for guidance on how you can benefit from the Reviewer Roulette, or use the GitLab Review Workload Dashboard to find other available reviewers.
If needed, you can retry the `danger-review` job that generated this comment.
Generated by Danger
Bundle size analysis [beta]
This compares changes in bundle size for entry points between the commits 4f11e47f and ed39af32
Special assets
Entrypoint / Name | Size before | Size after | Diff | Diff in percent |
---|---|---|---|---|
average | 4.38 MB | 4.38 MB | - | 0.0 % |
mainChunk | 3.31 MB | 3.31 MB | - | 0.0 % |
Note: We do not have exact data for 4f11e47f. So we have used data from: 99b67751.
The intended commit has no webpack pipeline, so we chose the last commit with one before it.
Please look at the full report for more details
Read more about how this report works.
Generated by Danger
added 164 commits
- 77732b50...9135f4da - 160 commits from branch master
- baff171d - WIP: Add badge to MR widget
- 24f411be - WIP: fix prop validation error
- 530e3b79 - WIP: Add specs
- e7f158d3 - WIP: Add spec for feature flag
added 1 commit
- fed3e561 - Add AI badge to MR widget vulnerability findings
- Resolved by Savas Vedova
requested review from @sming-gitlab
- Resolved by David Pisek
@sming-gitlab - Could you please do the initial review?
added 1 commit
- ed39af32 - Add AI badge to MR widget vulnerability findings
added pipeline:mr-approved label
added pipelinetier-3 pipeline:run-e2e-omnibus-once labels and removed pipelinetier-1 label
Before you set this MR to auto-merge
This merge request will progress on pipeline tiers until it reaches the last tier: pipelinetier-3. We will trigger a new pipeline for each transition to a higher tier.
Before you set this MR to auto-merge, please check the following:
- You are the last maintainer of this merge request
- The latest pipeline for this merge request is pipelinetier-3 (You can find which tier it is in the pipeline name)
- This pipeline is recent enough (created in the last 8 hours)
If all the criteria above apply, please set auto-merge for this merge request.
See pipeline tiers and merging a merge request for more details.
requested review from @svedova
E2E Test Result Summary
allure-report-publisher generated test report!
e2e-test-on-gdk: test report for ed39af32
suites summary
suite | passed | failed | skipped | flaky | total | result |
---|---|---|---|---|---|---|
Create | 128 | 0 | 18 | 0 | 146 | ✅ |
Package | 24 | 0 | 11 | 0 | 35 | ✅ |
Plan | 76 | 0 | 0 | 0 | 76 | ✅ |
Release | 5 | 0 | 0 | 0 | 5 | ✅ |
Data Stores | 33 | 0 | 1 | 0 | 34 | ✅ |
Govern | 73 | 0 | 0 | 0 | 73 | ✅ |
Monitor | 8 | 0 | 0 | 0 | 8 | ✅ |
Verify | 45 | 0 | 2 | 0 | 47 | ✅ |
Analytics | 2 | 0 | 0 | 0 | 2 | ✅ |
Fulfillment | 2 | 0 | 0 | 0 | 2 | ✅ |
Secure | 4 | 0 | 0 | 0 | 4 | ✅ |
Manage | 1 | 0 | 1 | 0 | 2 | ✅ |
Total | 401 | 0 | 33 | 0 | 434 | ✅ |
e2e-test-on-omnibus: test report for ed39af32
suites summary
suite | passed | failed | skipped | flaky | total | result |
---|---|---|---|---|---|---|
Govern | 108 | 0 | 6 | 0 | 114 | ✅ |
Create | 408 | 0 | 60 | 0 | 468 | ✅ |
Total | 516 | 0 | 66 | 0 | 582 | ✅ |
removed pipeline:run-e2e-omnibus-once label
started a merge train
mentioned in commit 32f964ed
added workflowstaging-canary label and removed workflowin dev label
added workflowcanary label and removed workflowstaging-canary label
added workflowstaging label and removed workflowcanary label
added workflowproduction label and removed workflowstaging label
added workflowpost-deploy-db-staging label and removed workflowproduction label
added workflowpost-deploy-db-production label and removed workflowpost-deploy-db-staging label
added releasedcandidate label
added releasedpublished label and removed releasedcandidate label