Skip to content

Add polling to security widget GraphQL

Samantha Mingrequested to merge
579610-security-widget-graphql-polling into 574432-create-utils-enable-scans

What does this MR do and why?

Implements polling mechanism for the security widget's GraphQL query. When the report status is PARSING, the widget returns polling headers with a interval to trigger automatic re-fetching until the report is fully parsed (response is PARSED. This ensures the security widget displays up-to-date scan results without requiring manual refresh.

Changes Issue
Make GraphQL query available Make GraphQL query available in the security wi... (!211509)
Add polling 👈 This MR
Transform GraphQL data to match REST format [FE] Transform GraphQL data to match REST endpo... (#579662)
Add error handling [FE] Implement error handling for GraphQL (#579611)

References

Screenshots or screen recordings

Before After

How to set up and validate locally

  1. Enable FF mr_security_widget_graphql
  2. Clone this project > https://gitlab.com/gitlab-org/govern/threat-insights-demos/frontend/validity-checks
  3. Create a MR similar to this > gitlab-org/govern/threat-insights-demos/frontend/validity-checks!8
  4. The loading will appear and request is continuously made until there is a response

Apply this patch to see the loading effect:

diff --git a/ee/app/services/security/merge_request_security_report_generation_service.rb b/ee/app/services/security/merge_request_security_report_generation_service.rb
index 57836b69dfbe..94db1ccfc50a 100644
--- a/ee/app/services/security/merge_request_security_report_generation_service.rb
+++ b/ee/app/services/security/merge_request_security_report_generation_service.rb
@@ -109,6 +109,8 @@ def fixed_findings
       return old_report if Feature.disabled?(:vulnerability_partial_scans, project)
 
       with_reactive_cache(params.stringify_keys) do |data|
+        # Add artificial delay for testing GraphQL polling
+        sleep(5) if Rails.env.development?
         latest = Vulnerabilities::CompareSecurityReportsService.new(project, nil, params).latest?(base_pipeline,
           head_pipeline, data)
         raise InvalidateReactiveCache unless latest

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #579610

Edited by Samantha Ming

Merge request reports