Evaluate Component Performance Testing for Secret Push Protection in MRs

Overview

Currently, we manually conduct performance tests for Secret Push Protection using GitLab Performance Tool (GPT) as described in gitlab-org/quality/performance#629. While we're working to formalize these tests into GPT, we should explore whether Component Performance Testing (CPT) could provide a more efficient "shift-left" approach to test Secret Push Protection performance directly in MRs.

Component Performance Testing, as developed in gitlab-org/quality&122 (closed), enables testing individual components in isolation without spinning up a self managed GitLab instance, significantly reducing setup and execution times compared to traditional GPT testing.

Questions to Explore

1. Is Secret Push Protection a suitable candidate for Component Performance Testing?
2. Can we isolate the Secret Push Protection component for testing without a self managed GitLab instance?
3. What would be required to implement this approach?
   • Test environment setup requirements
   • Test data generation needs
   • Metrics collection and reporting approach
4. Can this testing be done against a GitLab Docker instance?

Expected Benefits

• Earlier detection of performance issues in the development cycle
• Faster feedback loops for developers
• Reduced resource requirements compared to full GPT testing
• Ability to test performance impacts of changes before they are merged into master

cc @ksvoboda