Infinite loading/scrolling in security reports
Problem to solve
During the process of moving security reports logic to the backend we encountered a small problem. Previously, the reports would send down all the vulnerabilities at once so we only had to do one fetch request and could use tricks like checking the list length to get the number of vulnerabilities. Unfortunately, the new API is a paginated list (which it absolutely should be) so we have to rethink a few things.
Further details
-
We need a new way of getting the totals: This is pretty much sorted as we can use the
X-Total
header on the first request. This has been mostly implemented in !14887 (closed) - We need actions that allow us to fetch the next page of results for a report
- We need to implement some kind of infinite loading that hooks into those actions
- This all needs to be toggle able as the reports will sit behind a feature flag
- Security reports are heavily tied in to the junit reports, we need to be careful
There's a lot of potential for adding some kind of infinite scrolling list to GitLab UI. One already exists for roadmaps, but the logic is fairly heavily tied to that specific usage. Let's avoid doing that and try to make this list as re-usable as possible.
We could also consider a third party implementation that we should wrap with GitLab UI to promote re-use. I had a quick go with Vue Infinite Loading that works reasonably well, but gets a bit confusing when you try and integrate it with VueX. You may have more success than I did though.
Proposal
I convered a lot of this in the previous section, but this GIF shows basically what we want to achieve:
Permissions and Security
This will be behind feature flags so make sure we can still use either report.
Documentation
See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html Add all known Documentation Requirements here, per https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements
Testing
Make sure this change doesn't affect the current reports, only work behind the appropriate feature flag and doesn;t mess with the heavily linked junit reports.