
Update compliance violations app to fetch results from GraphQL API

What does this MR do and why?

This MR updates the compliance report app to connect it with the actual GraphQL API and removes the local resolver as described in #342897 (closed).

It also adds the compliance report violation feature specs to resolve #347302 (closed).

This change is part of a series of changes to update the compliance dashboard &6870 (closed) and is deployed behind a default off feature flag.

Screenshots or screen recordings

[Before and after screenshots; recording: Screen_Recording_2022-03-15_at_15.59.54]

How to set up and validate locally

  1. You need a GitLab Ultimate license.
  2. Enable the feature flag in your terminal: echo "Feature.enable(:compliance_violations_report);" | rails c
  3. View the compliance report and use the pagination feature: [GDK_HOST]/groups/gitlab-org/-/security/compliance_dashboard
  4. If the report is empty, run the following in rails c to create violations:
     FactoryBot.definition_file_paths = [Rails.root.join('ee', 'spec', 'factories')]
     FactoryBot.find_definitions

     # Group 22 is gitlab-org by default
     group = Group.find_by_id(22)

     type = [:approved_by_insufficient_users, :approved_by_committer, :approved_by_merge_request_author]
     levels = [:high, :low, :medium, :critical]

     violations = 25.times.map {
       project = group.projects.sample
       merge_request = FactoryBot.create(:merge_request, source_project: project, target_project: project, state: :merged)
       merge_request.metrics.update!(merged_at: rand(1..30).days.ago)
       FactoryBot.create(:compliance_violation, type.sample, severity_level: levels.sample, merge_request: merge_request, violating_user: project.members.sample.user)
     }

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #342897 (closed)

Edited by Jiaan Louw
