Show and delete discussion note

Scott Hamptonrequested to merge
541095-show-and-delete-discussion-note into master

What does this MR do and why?

Add the ability to view and delete comments for a compliance violation via the UI.

This doesn't allow you to add comments yet, so realistically most people won't see this change unless the make a comment directly through the API.

References

Related to #541095 (closed)

Screenshots or screen recordings

Screenshot_2025-08-22_at_3.06.55_PM

How to set up and validate locally

  1. You need to have a group with Ultimate license.
  2. Required data, you can do either of following steps:
    1. You can checkout branch hraghuvanshi-comp-violations-seeder and run command FILTER=compliance_report_data SEED_COMPLIANCE_REPORT_DATA=1 GROUPID=<group_id> bundle exec rake db:seed_fu for filling required data and you can run query.
    2. Create all items manually:

      1. You need to have at least one project under the group, atleast one audit event related to the project.

      2. Also, have at least one compliance framework in the group, the framework should have atleast one compliance control.

      3. The framework should be applied to the project.

      4. Now create a compliance violation entry in the database by running following command in the rails console:

        ComplianceManagement::Projects::ComplianceViolation.create(project_id: <project_id>, namespace_id: <namespace_id>, audit_event_id: <audit_event_id>, compliance_requirements_control_id: <compliance_requirements_control_id>, status: 0, audit_event_table_name: 0)
  3. Navigate to the project that now has the violation, and go to path/to/project/-/security/compliance_violations/<violation-id>
  4. Add a discussion note to the violation via the GraphQL API
mutation {
  createNote(input: {
    body: "Test Note from GraphQL API with mentioning @root user",
    noteableId: "gid://gitlab/ComplianceManagement::Projects::ComplianceViolation/<your-violation-id>"
  }) {
    note {
      id,
      discussion {
        id
      }
      body
    }
    errors
  }
}
  1. Verify that the note shows up on the violation details page
  2. Verify that you can copy an use link to that specific note
  3. Verify that you can delete the note from the UI on the violation details page

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Scott Hampton

Merge request reports