Refactor security_issues_and_merge_requests_for
What does this MR do and why?
This refactors a few methods in the Security::IssueCrawler, most specifically #security_issues_and_merge_requests_for. That method used to take a security release tracking issue iid and then return all security issues linked to that issue as an API response, fetch all their related MRs, and transform them into Security::ImplementationIssues.
In this MR, we refactor #security_issues_and_merge_requests_for to instead take an array of issues, fetching their related MRs and transforming them into Security::ImplementationIssues. The benefit here is now the method can be used to transform any set of issues that are given as an API response into Security::ImplementationIssues. So we can still use it to transform the issues linked to the security release tracking issue, but we can also use it to transform the issues labeled with security-target.
The above description might be a bit confusing, so I think this comment and the examples below show what the change is doing.
With this refactor, we can now do this:
# security_issues_and_merge_requests_for the current security release issue
# (this does the exact same thing as the method was previously doing)
security_issues_and_merge_requests_for(related_security_issues)
# security_issues_and_merge_requests_for the set of issues with the security-target label
security_issues_and_merge_requests_for(evaluable_security_issues)
The new ability to get the set of issues and MRs with the security-target label will allow us to then evaluate if they are ready to be linked to a security release tracking issue or not.
Additionally, I've refactored the related spec file to reduce much of the duplicated code by moving a lot of repeated objects to top-level let variables.
Related to gitlab-com/gl-infra/delivery#19566 (closed).
Testing
I've redacted much of the results since they include details of security issues.
[1] pry(main)> crawler = ReleaseTools::Security::IssueCrawler.new
=> #<ReleaseTools::Security::IssueCrawler:0x000000010aa7e828>
[2] pry(main)> crawler.related_security_issues
2023-09-06 11:17:27.738025 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:17:27 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-09-06 11:17:28.289842 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:17:28 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/XXX/links" -
=> [#<Gitlab::ObjectifiedHash:217100 {hash: {"id....REDACTED....]
[4] pry(main)> crawler.security_issues_and_merge_requests_for(crawler.related_security_issues)
2023-09-06 11:19:16.470829 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:16 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/XXX/links" -
2023-09-06 11:19:17.044283 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.062151 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.145300 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.155017 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.232865 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.341531 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.540345 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.724985 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.908219 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:18.065689 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:18 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
=> [#<ReleaseTools::Security::ImplementationIssue:0x000000010b5d9290...REDACTED...]
[6] pry(main)> crawler.security_issues_and_merge_requests_for(crawler.evaluable_security_issues)
2023-09-06 11:21:32.296717 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:32 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fcharts%2Fcomponents%2Fimages/issues" 2
2023-09-06 11:21:32.583757 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:32 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitaly/issues" 2
2023-09-06 11:21:33.029511 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:33 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitlab/issues" -
2023-09-06 11:21:33.312884 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:33 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitlab-pages/issues" 2
2023-09-06 11:21:33.595741 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:33 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fomnibus-gitlab/issues" 2
2023-09-06 11:21:34.159230 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:34 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
=> [#<ReleaseTools::Security::ImplementationIssue:0x000000010b33e080...REDACTED...]
# this is the same as running crawler.security_issues_and_merge_requests_for(crawler.related_security_issues) shown above
[7] pry(main)> crawler.upcoming_security_issues_and_merge_requests
2023-09-06 11:22:35.129556 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/XXX/links" -
2023-09-06 11:22:35.557565 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:35.827973 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:35.832248 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:35.839232 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:35.879983 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:35.919105 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:36.383961 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:36 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:36.557110 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:36 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:36.627859 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:36 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:37.293130 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:37 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
=> [#<ReleaseTools::Security::ImplementationIssue:0x000000010aabcbc8...REDACTED...]
Author Check-list
- [-] Has documentation been updated?