Draft: Record policy sync start time

What does this MR do and why?

We are working on tracking policy sync state (&19049). This MR starts keeping track of the time at which a policy sync was initiated.

References

How to set up and validate locally

echo "Feature.enable(:security_policies_csp)" | rails c
echo "Feature.enable(:security_policy_sync_propagation_tracking)" | rails c
  1. Navigate to Admin > Settings > Security and compliance and, under Compliance and security policy group, select a group with an approval policy linked, such as:
approval_policy:
- name: CSP any_merge_request
  enabled: true
  rules:
  - type: any_merge_request
    branch_type: protected
    commits: any
  actions:
  - type: require_approval
    approvals_required: 1
    role_approvers:
    - owner
  1. Identify the CSP policy configuration's ID:
Security::OrchestrationPolicyConfiguration.for_namespace(
  Security::PolicySetting
    .for_organization(::Organizations::Organization.default_organization)
    .csp_namespace_id)
  .pluck(:id)
  .first
  1. Subscribe to updates for the configuration as the sync progresses, or query the current sync state. Verify that startedAt is present and doesn't change during the sync:
subscription sub {
  securityPoliciesSyncUpdated(policyConfigurationId: "gid://gitlab/Security::OrchestrationPolicyConfiguration/<CONFIG_ID>") {
    projectsProgress
    projectsTotal
    failedProjects
    mergeRequestsProgress
    mergeRequestsTotal
    inProgress
    startedAt
  }
}

query qry {
  securityPoliciesSyncStatus(policyConfigurationId: "gid://gitlab/Security::OrchestrationPolicyConfiguration/<CONFIG_ID>") {
    projectsProgress
    projectsTotal
    failedProjects
    mergeRequestsProgress
    mergeRequestsTotal
    inProgress
    startedAt
  }
}

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #563414

Edited by Dominic Bauer
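
An added example (not part of the merge request or GitLab's code) of the check in the last validation step: given the payloads received from securityPoliciesSyncUpdated in order, it reports any update where startedAt is missing during a sync or differs from the first value seen. The sample payloads are constructed, and the code assumes that startedAt is an ISO 8601 string and that a new sync begins only after an update with inProgress false.

```ruby
require "time"

# Field names (startedAt, inProgress) are taken from the GraphQL selections above.
# Assumptions: startedAt is an ISO 8601 string; a new sync can only begin
# after an update with inProgress == false has been observed.
def started_at_violations(updates)
  violations = []
  pinned = nil # startedAt of the sync currently being observed

  updates.each_with_index do |update, i|
    raw = update["startedAt"]
    ts = begin
      raw && Time.iso8601(raw.to_s)
    rescue ArgumentError
      :invalid
    end

    if ts.nil?
      violations << "update #{i}: startedAt missing during sync" if update["inProgress"]
    elsif ts == :invalid
      violations << "update #{i}: startedAt is not ISO 8601: #{raw.inspect}"
    elsif pinned && ts != pinned
      # Compare instants, not strings, so equivalent UTC offsets do not false-alarm.
      violations << "update #{i}: startedAt changed from #{pinned.iso8601} to #{ts.iso8601}"
    else
      pinned = ts
    end

    # Sync finished: the next update may belong to a new sync (assumption).
    pinned = nil unless update["inProgress"]
  end

  violations
end

# Constructed sample: the third update reports a drifted start time.
SAMPLE_UPDATES = [
  { "inProgress" => true,  "startedAt" => "2025-01-01T10:00:00Z" },
  { "inProgress" => true,  "startedAt" => "2025-01-01T10:00:00Z" },
  { "inProgress" => true,  "startedAt" => "2025-01-01T10:00:07Z" },
  { "inProgress" => false, "startedAt" => "2025-01-01T10:00:00Z" }
].freeze

puts started_at_violations(SAMPLE_UPDATES) if __FILE__ == $PROGRAM_NAME
```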
