Backport of 'Add ai_workflows scope'

What does this MR do and why?

!231394 (merged) was merged into master for 19.0. This fix needs to be backported to the 18-11-stable-ee branch.

The fix adds the ai_workflows authorization scope to GraphQL fields for pipeline security report findings. Without it, the AI Gateway's list_security_findings tool fails for push-sourced pipelines — Rails rejects the GraphQL calls because the ai_workflows OAuth scope is not permitted on those fields.

A Python-only hotfix at the AI Gateway layer is not sufficient — the gateway's calls depend on these GraphQL field scope changes being present in the Rails application.

Related to https://gitlab.com/gitlab-org/gitlab/-/work_items/600188

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

  • This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch.
  • The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes).
  • The MR title is descriptive (e.g. "Backport of 'title of default branch MR'"). This is important, since the title will be copied to the patch blog post.
  • Required labels have been applied to this merge request
  • This MR has been approved by a maintainer (only one approval is required).
  • Ensure the e2e:test-on-omnibus-ee job has succeeded, or if it has failed, investigate the failures. If you determine the failures are unrelated, you may proceed. If you need assistance investigating, reach out to a Software Engineer in Test in #s_developer_experience.

Note to the merge request author and maintainer

If you have questions about the patch release process, please:

Edited by Hitesh Raghuvanshi

Merge request reports

Loading