Add metrics for Scheduled Pipeline Execution Policies

What does this MR do and why?

Add metrics for scheduled pipeline execution policies. Track the number of enforced pipeline execution policies.

How to set up and validate locally

  1. Create a project
  2. Add a .gitlab/security-policies/policy.yml file to the project with content:
    ---
    experiments:
      pipeline_execution_schedule_policy:
        enabled: true
    pipeline_execution_schedule_policy:
    - name: test
      description: ''
      enabled: true
      content:
        include:
        - project: anything
          file: anything
      skip_ci:
        allowed: false
      schedules:
      - type: daily
        start_time: '00:00'
        time_window:
          value: 3600
          distribution: random
  3. On the left sidebar, select Security & Compliance and Policies.
  4. Select Edit policy project and select your project. Then select Save.
  5. Track the event in terminal: rails runner scripts/internal_events/monitor.rb execute_job_scheduled_pipeline_execution_policy
  6. Note the ID of your project
  7. In rails console, trigger the worker (otherwise we would have to wait for up to 24 hours). Replace ID_OF_YOUR_PROJECT with the ID of your project:
    Security::PipelineExecutionPolicies::RunScheduleWorker.new.perform(Security::PipelineExecutionProjectSchedule.where(project_id: ID_OF_YOUR_PROJECT).first.id)
  8. The event tracker should now show an event.
  9. Edit the .gitlab/security-policies/policy.yml file to add a snooze:
    ---
    experiments:
      pipeline_execution_schedule_policy:
        enabled: true
    pipeline_execution_schedule_policy:
    - name: test
      description: ''
      enabled: true
      content:
        include:
        - project: mr-189776/policy-ci-config
          file: policy-ci.yml
      skip_ci:
        allowed: false
      schedules:
      - type: daily
        start_time: '00:00'
        time_window:
          value: 3600
          distribution: random
        snooze:
          until: "2026-12-13T20:20:00+00:00"
  10. In rails console, trigger the worker again (replace ID_OF_YOUR_PROJECT with the ID of your project):
    Security::PipelineExecutionPolicies::RunScheduleWorker.new.perform(Security::PipelineExecutionProjectSchedule.where(project_id: ID_OF_YOUR_PROJECT).first.id)
  11. The event tracker should now show an event.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #538345 (closed)

Edited by Andy Schoenen
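
An added example, not part of the merge request or GitLab's own code: a Ruby check that reads a policy.yml like the one in step 9 and lists the reasons a scheduled policy would not currently be enforced, useful when comparing configured policies against the enforced-policy metric. The helper name `enforcement_gaps` is hypothetical, the sample YAML is constructed from the step 9 file, and it is an assumption that a `snooze.until` in the future pauses that schedule.

```ruby
require 'yaml'
require 'time'

# Constructed sample, trimmed from the policy.yml shown in step 9.
SAMPLE_POLICY = <<~YAML
  experiments:
    pipeline_execution_schedule_policy:
      enabled: true
  pipeline_execution_schedule_policy:
  - name: test
    enabled: true
    schedules:
    - type: daily
      start_time: '00:00'
      snooze:
        until: "2026-12-13T20:20:00+00:00"
YAML

# Hypothetical helper: returns human-readable reasons why scheduled policies
# in the file would not be enforced at `now` (assumed semantics, see lead-in).
def enforcement_gaps(yaml_text, now: Time.now.utc)
  doc = YAML.safe_load(yaml_text) || {}
  gaps = []
  unless doc.dig('experiments', 'pipeline_execution_schedule_policy', 'enabled')
    gaps << 'experiment pipeline_execution_schedule_policy is not enabled'
  end
  Array(doc['pipeline_execution_schedule_policy']).each do |policy|
    name = policy['name']
    gaps << "#{name}: policy is disabled" unless policy['enabled']
    Array(policy['schedules']).each_with_index do |schedule, index|
      raw = schedule.dig('snooze', 'until')
      next unless raw
      begin
        snoozed_until = Time.iso8601(raw.to_s)
      rescue ArgumentError
        # A malformed timestamp is reported rather than silently ignored.
        gaps << "#{name}: schedule #{index} has an unparseable snooze.until"
        next
      end
      if snoozed_until > now
        gaps << "#{name}: schedule #{index} snoozed until #{snoozed_until.utc.iso8601}"
      end
    end
  end
  gaps
end
```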
