Refactor security_issues_and_merge_requests_for

Steve Abrams requested to merge delivery19566-refactor-issue-crawler into master

What does this MR do and why?

This refactors a few methods in the Security::IssueCrawler, most specifically #security_issues_and_merge_requests_for. That method used to take a security release tracking issue iid and then return all security issues linked to that issue as an API response, fetch all their related MRs, and transform them into Security::ImplementationIssues.

In this MR, we refactor #security_issues_and_merge_requests_for to instead take an array of issues, fetching their related MRs and transforming them into Security::ImplementationIssues. The benefit here is now the method can be used to transform any set of issues that are given as an API response into Security::ImplementationIssues. So we can still use it to transform the issues linked to the security release tracking issue, but we can also use it to transform the issues labeled with security-target.

The above description might be a bit confusing, so I think this comment and the examples below show what the change is doing.

With this refactor, we can now do this:

# security_issues_and_merge_requests_for the current security release issue
# (this does the exact same thing as the method was previously doing)
security_issues_and_merge_requests_for(related_security_issues)

# security_issues_and_merge_requests_for the set of issues with the security-target label
security_issues_and_merge_requests_for(evaluable_security_issues)

The new ability to get the set of issues and MRs with the security-target label will allow us to then evaluate if they are ready to be linked to a security release tracking issue or not.

Additionally, I've refactored the related spec file to reduce much of the duplicated code by moving a lot of repeated objects to top-level let variables.

Related to gitlab-com/gl-infra/delivery#19566 (closed).

Testing

I've redacted much of the results since they include details of security issues.

[1] pry(main)> crawler = ReleaseTools::Security::IssueCrawler.new
=> #<ReleaseTools::Security::IssueCrawler:0x000000010aa7e828>
[2] pry(main)> crawler.related_security_issues
2023-09-06 11:17:27.738025 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:17:27 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues" -
2023-09-06 11:17:28.289842 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:17:28 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/XXX/links" -
=> [#<Gitlab::ObjectifiedHash:217100 {hash: {"id....REDACTED....]
[4] pry(main)> crawler.security_issues_and_merge_requests_for(crawler.related_security_issues)
2023-09-06 11:19:16.470829 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:16 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/XXX/links" -
2023-09-06 11:19:17.044283 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.062151 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.145300 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.155017 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.232865 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.341531 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.540345 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.724985 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:17.908219 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:17 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:19:18.065689 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:19:18 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
=> [#<ReleaseTools::Security::ImplementationIssue:0x000000010b5d9290...REDACTED...]
[6] pry(main)> crawler.security_issues_and_merge_requests_for(crawler.evaluable_security_issues)
2023-09-06 11:21:32.296717 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:32 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fcharts%2Fcomponents%2Fimages/issues" 2
2023-09-06 11:21:32.583757 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:32 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitaly/issues" 2
2023-09-06 11:21:33.029511 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:33 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitlab/issues" -
2023-09-06 11:21:33.312884 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:33 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fgitlab-pages/issues" 2
2023-09-06 11:21:33.595741 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:33 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fsecurity%2Fomnibus-gitlab/issues" 2
2023-09-06 11:21:34.159230 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:21:34 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
=> [#<ReleaseTools::Security::ImplementationIssue:0x000000010b33e080...REDACTED...]
# this is the same as running crawler.security_issues_and_merge_requests_for(crawler.related_security_issues) shown above
[7] pry(main)> crawler.upcoming_security_issues_and_merge_requests
2023-09-06 11:22:35.129556 D [dry-run] ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/issues/XXX/links" -
2023-09-06 11:22:35.557565 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:35.827973 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:35.832248 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:35.839232 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:35.879983 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:35.919105 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:35 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:36.383961 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:36 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:36.557110 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:36 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:36.627859 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:36 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
2023-09-06 11:22:37.293130 D ReleaseTools::GitlabClient -- [HTTParty] [2023-09-06 11:22:37 -0600] 200 "GET https://gitlab.com/api/v4/projects/XXX/issues/XXX/related_merge_requests" -
=> [#<ReleaseTools::Security::ImplementationIssue:0x000000010aabcbc8...REDACTED...]

Author Check-list

  • [-] Has documentation been updated?
Edited by Steve Abrams
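
The shape of the refactor described in this merge request, as an added Ruby sketch that is not the release-tools code: the transform takes any collection of issues, so the issues linked to the tracking issue and the issues labeled security-target go through the same path, with one related-merge-requests lookup per issue. `FakeClient`, `Issue`, the `Crawler` constructor and the sample data are hypothetical stand-ins constructed for this example.

```ruby
# Added sketch: every name here is a stand-in, not release-tools code.
Issue = Struct.new(:project_id, :iid, :labels)
ImplementationIssue = Struct.new(:issue, :merge_requests)

# Constructed in-memory replacement for the API client; records MR lookups.
class FakeClient
  attr_reader :mr_calls
  def initialize(linked, labeled, merge_requests)
    @linked, @labeled, @merge_requests, @mr_calls = linked, labeled, merge_requests, []
  end

  def issue_links(tracking_iid)
    @linked.fetch(tracking_iid, [])
  end

  def issues_labeled(label)
    @labeled.select { |issue| issue.labels.include?(label) }
  end

  def related_merge_requests(issue)
    @mr_calls << [issue.project_id, issue.iid]
    @merge_requests.fetch([issue.project_id, issue.iid], [])
  end
end

class Crawler
  def initialize(client, tracking_iid)
    @client, @tracking_iid = client, tracking_iid
  end

  def related_security_issues
    @client.issue_links(@tracking_iid)
  end

  def evaluable_security_issues
    @client.issues_labeled('security-target')
  end

  # Accepts any collection of issues; the caller decides where they came from.
  def security_issues_and_merge_requests_for(issues)
    issues.map { |i| ImplementationIssue.new(i, @client.related_merge_requests(i)) }
  end
end

# Constructed sample data: one linked issue, one labeled but not yet linked.
LINKED = Issue.new(10, 1, ['security'])
TARGET = Issue.new(11, 2, ['security', 'security-target'])
CLIENT = FakeClient.new({ 99 => [LINKED] }, [LINKED, TARGET], { [10, 1] => ['!5'], [11, 2] => ['!7', '!8'] })
CRAWLER = Crawler.new(CLIENT, 99)
```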