Resolve "Upload metrics images to the metrics tab on incidents"

What does this MR do?

This adds the ability to upload Metric images (and an optional URL) to Incident issues (issue_type = incident).

We do this by adding a GraphQL endpoint to accept the file, one at a time. We have a 1MB limit on the files which I"ve added to a constant MAX_FILE_SIZE.

database Information:

New table:

• Name: issuable_metric_images
• FK (issue_id - indexed)
• All text columns limited

UP

== 20201103045515 AddIssuableMetricImages: migrating ==========================
-- table_exists?(:issuable_metric_images)
   -> 0.0012s
-- transaction_open?()
   -> 0.0000s
-- current_schema()
   -> 0.0004s
-- execute("ALTER TABLE issuable_metric_images\nADD CONSTRAINT check_5b3011e234\nCHECK ( char_length(url) <= 255 )\nNOT VALID;\n")
   -> 0.0017s
-- current_schema()
   -> 0.0003s
-- execute("SET statement_timeout TO 0")
   -> 0.0003s
-- execute("ALTER TABLE issuable_metric_images VALIDATE CONSTRAINT check_5b3011e234;")
   -> 0.0008s
-- execute("RESET ALL")
   -> 0.0003s
-- transaction_open?()
   -> 0.0001s
-- current_schema()
   -> 0.0002s
-- execute("ALTER TABLE issuable_metric_images\nADD CONSTRAINT check_7ed527062f\nCHECK ( char_length(file) <= 255 )\nNOT VALID;\n")
   -> 0.0006s
-- current_schema()
   -> 0.0003s
-- execute("ALTER TABLE issuable_metric_images VALIDATE CONSTRAINT check_7ed527062f;")
   -> 0.0007s
== 20201103045515 AddIssuableMetricImages: migrated (0.0234s) =================

DOWN

== 20201103045515 AddIssuableMetricImages: reverting ==========================
-- drop_table(:issuable_metric_images)
   -> 0.0098s
== 20201103045515 AddIssuableMetricImages: reverted (0.0098s) =================

backend Information:

• This is a GitLab Premium feature.
• This is specifically for Incidents at the moment, but because an Incident is an Issuable i've tried to keep things generic enough so we could integrate it into other Issuable types in the future.
• The upload is being done via CarrierWave into ObjectStore, using the technique specified here.
• We are limiting files to be uploaded one at a time, and 1MB. This should prevent any upload issues and reduce the need for DirectUpload.

GraphQL Information

We've introduced a new mutation in order to upload the file: issueUploadMetric

We have added a GraphQL field for reading the metric images via GraphQL

REST API

• We have added an upload path: POST /api/v4/projects/:id/issues/iid/metric_images
• This is accelerated by Workhorse. Workhorse MR is: gitlab-workhorse!653 (merged)
• We will need to bump the workhorse version when that new build is released.
• We have also added a GET for metric images: GET /api/v4/projects/:id/issues/iid/metric_images

Example REST Queries

POST

curl --location --request POST 'localhost:3000/api/v4/projects/4/issues/30/metric_images' \
--header 'Authorization: Bearer <UKadd6i9DwJ9w97dS5ej' \
--form 'file=@/Users/seanarnold/Desktop/2020-08-19 14.53.16.gif' \
--form 'url=https://www.google.com'

Response:

{
    "id": 30,
    "created_at": "2020-11-17T03:19:48.509Z",
    "filename": "2020-08-19_14.53.16.gif",
    "file_path": "/uploads/-/system/issuable_metric_image/file/30/2020-08-19_14.53.16.gif",
    "url": "https://www.google.com"
}

GET

curl --location --request GET 'localhost:3000/api/v4/projects/4/issues/30/metric_images' \
--header 'Authorization: Bearer UKadd6i9DwJ9w97dS5ej'

Response:

    {
        "id": 17,
        "created_at": "2020-11-17T03:19:48.509Z",
        "filename": "2020-08-19_14.53.16.gif",
        "file_path": "/uploads/-/system/issuable_metric_image/file/30/2020-08-19_14.53.16.gif",
        "url": "https://www.google.com"
    },
    {
        "id": 18,
        "created_at": "2020-11-12T20:14:26.441Z",
        "filename": "unr_sample_161118_2054_ynlrg.png",
        "file_path": "/uploads/-/system/issuable_metric_image/file/18/unr_sample_161118_2054_ynlrg.png",
        "url": "https://Test.com"
    }
]

Does this MR meet the acceptance criteria?

Conformity

• Changelog entry
• Documentation (if required)
• Code review guidelines
• Merge request performance guidelines
• Style guides
• Database guides
• Separation of EE specific content

Availability and Testing

• Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
• Tested in all supported browsers
• Informed Infrastructure department of a default or new setting change, if applicable per definition of done

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

• Label as security and @ mention @gitlab-com/gl-security/appsec
• The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
• Security reports checked/validated by a reviewer from the AppSec team

Related to #235994 (closed)