Skip to content

Avoid cross-joins in `PipelinesForMergeRequestFinder`

What does this MR do?

Implements #336891 (closed)

Prevents using cross-joins for ci_ tables. A step required for database decomposition.

A decomposed query is behind a decomposed_ci_query_in_pipelines_for_merge_request_finder feature flag. (Rollout issue #341341 (closed))

Database queries

Old query

WITH "shas" AS MATERIALIZED (
  SELECT DISTINCT "merge_request_diff_commits"."sha"
  FROM "merge_request_diff_commits"
  WHERE "merge_request_diff_commits"."merge_request_diff_id" IN (
    SELECT "merge_request_diffs"."id"
    FROM "merge_request_diffs" 
    WHERE "merge_request_diffs"."merge_request_id" = 112820679 AND 
          "merge_request_diffs"."diff_type" = 1 
    ORDER BY "merge_request_diffs"."id" DESC LIMIT 100) LIMIT 10000)
  SELECT "ci_pipelines".* FROM ((SELECT "ci_pipelines".* FROM "ci_pipelines" WHERE "ci_pipelines"."source" = 10 AND "ci_pipelines"."merge_request_id" = 112820679 AND "ci_pipelines"."project_id" IN (278964, 278964))
UNION
(SELECT "ci_pipelines".*
  FROM "ci_pipelines" INNER JOIN "shas" ON encode("shas"."sha", 'hex') = "ci_pipelines"."sha"
  WHERE "ci_pipelines"."project_id" = 278964 AND 
        ("ci_pipelines"."source" IN (1, 2, 3, 4, 5, 6, 7, 8, 11) OR "ci_pipelines"."source" IS NULL) AND
        "ci_pipelines"."ref" = '336434-fix-for_project_paths-cross-join' AND
        "ci_pipelines"."tag" = FALSE)) ci_pipelines;

https://gitlab.slack.com/archives/CLJMDRD8C/p1629987229052100 (explain.depesz.com failing with 500 error, when I try to create it)

New queries

This MR was used as an example for queries: !69571 (merged)

SELECT "merge_request_diffs"."head_commit_sha"
FROM "merge_request_diffs"
WHERE "merge_request_diffs"."merge_request_id" = 115449847 AND "merge_request_diffs"."diff_type" = 1
ORDER BY "merge_request_diffs"."id" DESC
LIMIT 100
SELECT "ci_pipelines".*
FROM ((
    SELECT "ci_pipelines".*
    FROM "ci_pipelines"
    WHERE "ci_pipelines"."source" = 10 AND "ci_pipelines"."merge_request_id" = 115449847 AND "ci_pipelines"."project_id" IN (278964, 278964))
UNION
(SELECT "ci_pipelines".*
  FROM "ci_pipelines"
  WHERE "ci_pipelines"."project_id" = 278964 AND
    ("ci_pipelines"."source" IN (1, 2, 3, 4, 5, 6, 7, 8, 11) OR "ci_pipelines"."source" IS NULL) AND
    "ci_pipelines"."ref" = 'mc_rocha-add-source-to-resolves-pipelines-338645' AND
    "ci_pipelines"."tag" = FALSE AND
    "ci_pipelines"."sha" IN ('e3c4d094dab1a30ca5ac0add9a49c2e2fda088c7', '0e4e74b34de10f9db082970d016be636c1015b7d', '7b508f78b5254b4fa9b9ec2b015fa31ba02e59d9', 'b3e9b17c020bdcd3affbf3f4183aabf6c385ac74', 'fb375d64b675c716edfe7c9aa745fe0a1580c6fc', 'bb14eaae23b9e14893e8a0fc9f610e21ddb23695', '3d2823069a52385e819bce1188634749ac95da1a', 'c109baa4c50735d35d90800b34bb1f3f89a0e17b', '95aadde92beeda8aa47009d5a542247077d818ee', 'e254d9c583aa951cd0e41d4e1743182be2bbfe76', 'c7fcf8fed4721d5441e4fc6d4b3acf35dd9f6f03', 'e018641e7730739d8f392c32c45f8f1913dc54a6', 'bc368a0c28ad059ce79cfe9b2aafaf9c023c8bc4', '02d3807516b02e420b0c2efa0aa5d24f6b14ecf7', '11e5ce241b2f2fcc508e5154129bed61cefcf1f7', '618692245e558d8f267a18e3ffd5d44a1b6278e0', 'b0b812910a059028261dd5c9cb0fb40f880d28f8', '0eaadca02cee081576e1e3499fbe12f36ff4292e', 'f6468ad6e84c888f0ad0b68164d174e50f41595d', '7a1045d7b8415722798f566e036a8cdfb8757590', '00d869a8ceec6d0e0b22d5ec5a97191e6b65cc64', '0ebff5128e1243809bd2a7b2f40fb1da2aee259b', '913f61fc4ef0c02696bb8dfd39d9aa8c6a1bbdc5')
    )) ci_pipelines
    ORDER BY CASE ci_pipelines.source WHEN (10) THEN 0 ELSE 1 END, ci_pipelines.id DESC

Screenshots or Screencasts (strongly suggested)

How to setup and validate locally (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team
Edited by Vitali Tatarintev

Merge request reports

Loading