
Draft: Returns latest pipeline with scheduled PEP graphql

What does this MR do and why?

We want to add the status of the latest pipeline that was created by a scheduled pipeline execution policy to the policy editor. To achieve this, the MR introduces a new Ci::GroupPipelinesFinder to query pipelines across group projects and enhances the GraphQL PipelineExecutionSchedulePolicy type with a latestScheduledPipeline field.

Scheduled pipelines are not linked to the policy that created them, so there is no way to tell if the policy actually created the latest pipeline. I marked the new field as experiment so we can test if it is actually helpful.

Solution

New Ci::GroupPipelinesFinder: Provides consistent pipeline querying across group projects with proper authorization, filtering, and sorting.

Enhanced GraphQL field: Adds latestScheduledPipeline to PipelineExecutionSchedulePolicy type to expose pipeline execution status.

References

How to set up and validate locally

  1. Create a new group.
  2. Create a new project on the group.
  3. Add a .gitlab/security-policies/policy.yml file to the project with the following content (replace path/to/project with the path to your project):
    ---
    experiments:
      pipeline_execution_schedule_policy:
        enabled: true
    pipeline_execution_policy: []
    approval_policy: []
    pipeline_execution_schedule_policy:
      - name: test
        description: ''
        enabled: true
        pipeline_config_strategy: schedule
        content:
          include:
            - project: path/to/project
              file: policy-ci.yml
        schedules:
          - type: daily
            start_time: '10:00'
            time_window:
              value: 600
              distribution: random
  4. Go back to the group page and on the left sidebar, select Security & Compliance and Policies.
  5. Select Edit policy project and select your project. Then select Save.
  6. Start the schedule worker manually to trigger the schedule:
    Security::PipelineExecutionPolicies::RunScheduleWorker.new.perform(Security::PipelineExecutionProjectSchedule.last.id)
  7. Open the GraphQL explorer http://gdk.test:3000/-/graphql-explorer
  8. Run the query for the group you created (replace group-path with the path of your group):
    query {
      group(fullPath: "group-path") {
        pipelineExecutionSchedulePolicies {
          nodes {
            name
            latestScheduledPipeline {
              id
              status
              createdAt
            }
          }
        }
      }
    }

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #528299

Edited by Andy Schoenen
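
One way to check the result of the query in step 8 automatically, added here as an example and not part of the MR: it flags policies whose latest scheduled pipeline is missing, not successful, or older than the daily schedule plus its time window. The response JSON, the policy names other than test, and the reading of the time_window value 600 as seconds are assumptions; because the pipeline is not linked to the policy, a finding is an indication only.

```ruby
require 'json'
require 'time'

# Constructed sample response for the query above (not real output).
SAMPLE_RESPONSE = <<~JSON
  {"data": {"group": {"pipelineExecutionSchedulePolicies": {"nodes": [
    {"name": "test",
     "latestScheduledPipeline": {"id": "gid://gitlab/Ci::Pipeline/101",
       "status": "SUCCESS", "createdAt": "2025-01-15T10:04:12Z"}},
    {"name": "nightly-scan",
     "latestScheduledPipeline": {"id": "gid://gitlab/Ci::Pipeline/87",
       "status": "FAILED", "createdAt": "2025-01-15T10:08:30Z"}},
    {"name": "stale-policy",
     "latestScheduledPipeline": {"id": "gid://gitlab/Ci::Pipeline/12",
       "status": "SUCCESS", "createdAt": "2025-01-12T10:01:00Z"}},
    {"name": "never-ran", "latestScheduledPipeline": null}
  ]}}}}
JSON

DAY = 24 * 60 * 60
IN_PROGRESS = %w[CREATED WAITING_FOR_RESOURCE PREPARING PENDING RUNNING].freeze

# Returns { policy_name => [findings] } for policies needing attention.
# window: time_window value of the daily schedule, assumed to be seconds.
def audit_schedule_policies(json, now:, window: 600)
  nodes = JSON.parse(json).dig('data', 'group', 'pipelineExecutionSchedulePolicies', 'nodes')
  raise ArgumentError, 'response has no policy nodes' unless nodes.is_a?(Array)

  nodes.each_with_object({}) do |node, report|
    pipeline = node['latestScheduledPipeline']
    findings = []
    if pipeline.nil?
      findings << :no_scheduled_pipeline
    else
      age = now - Time.iso8601(pipeline['createdAt'])
      findings << :stale if age > DAY + window
      status = pipeline['status']
      findings << :"status_#{status.downcase}" unless status == 'SUCCESS' || IN_PROGRESS.include?(status)
    end
    report[node['name']] = findings unless findings.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  puts audit_schedule_policies(SAMPLE_RESPONSE, now: Time.iso8601('2025-01-16T09:00:00Z'))
end
```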
