Resolve "Security Configuration: Integrate with GraphQL API"

David Pisekrequested to merge
577520-security-configuration-integrate-with-graphql-api into master

What does this MR do and why?

This MR integrates the security tracked refs feature with the actual GraphQL API backend by:

  1. Removing the @client directive from the securityTrackedRefsQuery - queries now use the real backend instead of using local Apollo resolvers
  2. Deleting mock resolver files that were used for local development and UI prototyping:
    • app/assets/javascripts/security_configuration/graphql/resolvers.js (empty CE stub)
    • ee/app/assets/javascripts/security_configuration/graphql/resolvers.js (mock data and pagination logic)
  3. Simplifying Apollo client setup - removed custom resolvers and cache configuration that were only needed for the mock implementation

This change moves the feature from a client-side mock implementation to using the production GraphQL API, enabling real data to be displayed in the security configuration tracked refs list.

References

Related to #577520 (closed)

Screenshots or screen recordings

Before After

How to set up and validate locally

  1. Make sure you have the FF enabled: http://gdk.test:3000/rails/features/vulnerabilities_across_contexts
  2. Navigate to a project's Security Configuration page
  3. Verify the tracked refs list loads data from the actual API:
    • Open browser DevTools → Network tab
    • Filter by "graphql"
    • Confirm you see a getSecurityTrackedRefs query being sent to the server (not resolved locally)
    • Hint: Per default the main branch should be displayed
  4. Test pagination:
    • Navigate between pages
    • Verify data loads correctly for each page

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by David Pisek

Merge request reports