### Release notes <!-- What is the problem and solution you're proposing? This content sets the overall vision for the feature and serves as the release notes that will populate in various places, including the [release post blog](https://about.gitlab.com/releases/categories/releases/) and [Gitlab project releases](https://gitlab.com/gitlab-org/gitlab/-/releases). " --> ### Problem to solve Follows up on ~spike https://gitlab.com/gitlab-org/gitlab/-/issues/436545. We need to: * enforce Scan Execution Policy (SEP) `action` limits * measure the performance of SEP CI template rendering * ship performance optimisations that allow us to increase those limits ### Proposal From https://gitlab.com/gitlab-org/gitlab/-/issues/436545#note_1976985099: >Per our maintenance policy, we need to request an exception so we can introduce the action count limitation breaking change in a minor version. > >What we can ship today: > >* https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157955 adds a new timeseries metric which is labelled by `project_id` and `action_count`. >* https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157781 caches SEP CI templates; the optimisation I mentioned at the top > >I've opened drafts for enforcing new limits: > >* https://gitlab.com/gitlab-org/gitlab/-/merge_requests/146760 adds an application setting and a policy editor error message >* https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157342 and https://gitlab.com/gitlab-org/gitlab/-/merge_requests/157345 which enforce the limits > >I chose not to enforce the action limit in the JSON schema, because we can't control schemas with feature flags. Even if the FF is enabled by default, we can still disable it selectively. > >This will allow us to disable the action limit even once shipped for our test projects. We can then create scheduled SEP with large action counts, and because the timeseries is labelled by `project_id`, we can query service performance for these projects individually. ### Intended users n/a <!-- Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later. Personas are described at https://handbook.gitlab.com/handbook/product/personas/ * [Parker (Product Manager)](https://handbook.gitlab.com/handbook/product/personas/#parker-product-manager) * [Delaney (Development Team Lead)](https://handbook.gitlab.com/handbook/product/personas/#delaney-development-team-lead) * [Presley (Product Designer)](https://handbook.gitlab.com/handbook/product/personas/#presley-product-designer) * [Sasha (Software Developer)](https://handbook.gitlab.com/handbook/product/personas/#sasha-software-developer) * [Priyanka (Platform Engineer)](https://handbook.gitlab.com/handbook/product/personas/#priyanka-platform-engineer) * [Sidney (Systems Administrator)](https://handbook.gitlab.com/handbook/product/personas/#sidney-systems-administrator) * [Rachel (Release Manager)](https://handbook.gitlab.com/handbook/product/personas/#rachel-release-manager) * [Simone (Software Engineer in Test)](https://handbook.gitlab.com/handbook/product/personas/#simone-software-engineer-in-test) * [Allison (Application Ops)](https://handbook.gitlab.com/handbook/product/personas/#allison-application-ops) * [Ingrid (Infrastructure Operator)](https://handbook.gitlab.com/handbook/product/personas/#ingrid-infrastructure-operator) * [Dakota (Application Development Director)](https://handbook.gitlab.com/handbook/product/personas/#dakota-application-development-director) * [Dana (Data Analyst)](https://handbook.gitlab.com/handbook/product/personas/#dana-data-analyst) * [Eddie (Content Editor)](https://handbook.gitlab.com/handbook/product/personas/#eddie-content-editor) * [Amy (Application Security Engineer)](https://handbook.gitlab.com/handbook/product/personas/#amy-application-security-engineer) * [Isaac (Infrastructure Engineer)](https://handbook.gitlab.com/handbook/product/personas/#isaac-infrastructure-security-engineer) * [Alex (Security Operations Engineer)](https://handbook.gitlab.com/handbook/product/personas/#alex-security-operations-engineer) * [Cameron (Compliance Manager)](https://handbook.gitlab.com/handbook/product/personas/#cameron-compliance-manager) --> ### Feature Usage Metrics We introduce a new timeseries metric that measures the time needed to render SEP CI templates. ### Does this feature require an audit event? No <!--- Checkout these docs to know more https://docs.gitlab.com/ee/development/audit_event_guide/#what-are-audit-events https://docs.gitlab.com/ee/administration/audit_events.html ---> <!-- Label reminders Make sure to add the appropriate labels for the product stage and/or group (e.g ~"devops::plan") if known and add a comment tagging the appropriate Product Manager. Use the following resources to find the appropriate labels: - Use only one tier label choosing the lowest tier this is intended for - https://gitlab.com/gitlab-org/gitlab/-/labels - https://about.gitlab.com/handbook/product/categories/features/ Examples: /label ~group:: ~section:: ~Category: /label ~"GitLab Free" ~"GitLab Premium" ~"GitLab Ultimate" -->