Add background job to enable SPP for all projects across an entire group

Overview

In order to allow customers to enable Secret Push Protection at scale, we have decided to create a new API endpoint that gives them the ability to toggle the feature on or off for all projects nested inside a group (including projects in nested groups).

To do that, we have to introduce a background/sidekiq job to perform this operation efficiently and asynchronously. This is also to ensure we don't block the security team or the administrator responsible for enabling/disabling those projects while waiting on the completion of this process.

Proposal

Following the guidelines, create a background job to change the status of the project-level setting for projects nested under a group.

Note: it is recommend to put similar changes behind a feature flag. The final decision here is left for whomever is picking up this issue though.

Requirements

The job should be idempotent and transactional.
The job should accept a group id to process all projects in the group.
The job should process the list of projects in batches (possibly using a child worker).

Edited Nov 06, 2024 by Ahmed Hemdan