Create a GraphQL field to return codequality reports of a merge request
What does this MR do and why?
This merge request introduces a new GraphQL field codequality_reports_comparer that represents compared codequality reports for a certain merge request. This will be used to display codequality degradations in a merge request Changes tab.
The new field was added to Types::MergeRequestType to resemble how the /codequality_reports endpoint currently works, and it required a number of types and a resolver to be created as well:
- Types::Security::CodequalityReportsComparerType
- Types::Security::CodequalityReportsComparer::ReportType
- Types::Security::CodequalityReportsComparer::DegradationType
- Types::Security::CodequalityReportsComparer::SummaryType
- Types::Security::CodequalityReportsComparer::StatusEnum
- Resolvers::CodequalityReportsComparerResolver
And a slight change to CodequalityDegradationEntity to ensure fingerprint is exposed when the feature flag is enabled.
Please see these two discussions for further information and history on the implementation: 1, 2.
The goal is to allow consumers of the GraphQL API to make similar requests to the one below:
    query getMRCodequalityReports {
      project(fullPath: "PROJECT_FULL_PATH") {
        mergeRequest(iid: "MERGE_REQUEST_ID") {
          title
          codequalityReportsComparer {
            report {
              status
              newErrors {
                description
                fingerprint
                severity
                filePath
                line
                webUrl
                engineName
              }
              resolvedErrors {
                description
                fingerprint
                severity
                filePath
                line
                webUrl
                engineName
              }
              existingErrors {
                description
                fingerprint
                severity
                filePath
                line
                webUrl
                engineName
              }
              summary {
                errored
                resolved
                total
              }
            }
          }
        }
      }
    }
And receive a response that includes the codequality report for this merge request.
Please note: the field is only available when the feature flag sast_reports_in_inline_diff is enabled, which was used previously for a related feature but didn't see the light as a result of a redesign. The feature flag was agreed to be used for any backend changes created to support inclusion of SAST findings in the MR Changes tab, has a corresponding rollout issue, and will be rolled out gradually after this merge request is merged. As such, there's no changelog trailer because the changes are introduced behind a feature flag, per guidance.
Resolves #418831 (closed).
How to set up and validate locally
To validate locally, please follow the instructions below.
- Create a new project on your local GDK setup.
- Make sure to enable Code Quality for the project by adding the following snippet to .gitlab-ci.yml:

    include:
      - template: Code-Quality.gitlab-ci.yml

- Create a new branch, for example called add-codequality-degradation, and add the following code to a file named foo.rb:

    def badName
      if something
        test
      end
    end

- Push the branch to the repository, and create a merge request for that branch.
- Wait until the pipeline finishes running and the codequality report is generated.
- Try to load the codequality report via GraphQL using the query below in graphql-explorer:

    query getMRCodequalityReports {
      project(fullPath: "FULL_PATH") {
        mergeRequest(iid: "MR_ID") {
          title
          codequalityReportsComparer {
            report {
              status
              newErrors {
                description
                fingerprint
                severity
                filePath
                line
                webUrl
                engineName
              }
              resolvedErrors {
                description
                fingerprint
                severity
                filePath
                line
                webUrl
                engineName
              }
              existingErrors {
                description
                fingerprint
                severity
                filePath
                line
                webUrl
                engineName
              }
              summary {
                errored
                resolved
                total
              }
            }
          }
        }
      }
    }

  Do not forget to replace MR_ID with the merge request id, and FULL_PATH with the :namespace/:project path of your project.
- Verify that codequalityReportsComparer returns null.
- Enable the feature flag in Rails console:

    Feature.enable(:sast_reports_in_inline_diff)

- Restart your GDK and repeat the above query. codequalityReportsComparer should now be populated with data.
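
An added example, not part of this merge request's code: one way a consumer of the query above could index newErrors by file and line for display next to a diff, returning nil when the field is null because the flag is off. The function name and the sample response are assumptions constructed here; the example also assumes fingerprint identifies a finding, so repeated fingerprints are dropped.

```ruby
require 'json'

# Constructed sample response (not captured from a real instance). Field names
# follow the query above; status, severity and engine values are placeholders.
SAMPLE_RESPONSE = <<~JSON
  {"data": {"project": {"mergeRequest": {"title": "Add foo.rb",
    "codequalityReportsComparer": {"report": {
      "status": "CONSTRUCTED_STATUS",
      "newErrors": [
        {"description": "Constructed finding A", "fingerprint": "constructed-fp-1",
         "severity": "MINOR", "filePath": "foo.rb", "line": 1,
         "webUrl": "https://gitlab.example/foo.rb#L1", "engineName": "constructed-engine"},
        {"description": "Constructed finding B", "fingerprint": "constructed-fp-2",
         "severity": "MAJOR", "filePath": "foo.rb", "line": 2,
         "webUrl": "https://gitlab.example/foo.rb#L2", "engineName": "constructed-engine"},
        {"description": "Constructed finding B", "fingerprint": "constructed-fp-2",
         "severity": "MAJOR", "filePath": "foo.rb", "line": 2,
         "webUrl": "https://gitlab.example/foo.rb#L2", "engineName": "constructed-engine"}
      ],
      "resolvedErrors": [], "existingErrors": [],
      "summary": {"errored": 2, "resolved": 0, "total": 2}}}}}}}
JSON

# Hypothetical helper. Returns nil when codequalityReportsComparer is null,
# otherwise { file_path => { line => [degradation, ...] } } built from newErrors.
def new_degradations_by_line(response)
  # Surface GraphQL-level failures instead of treating them as "no findings".
  raise ArgumentError, "GraphQL errors: #{response['errors'].inspect}" if response['errors']

  comparer = response.dig('data', 'project', 'mergeRequest', 'codequalityReportsComparer')
  return nil if comparer.nil?

  seen = {}
  (comparer.dig('report', 'newErrors') || []).each_with_object({}) do |error, index|
    # Skip findings already indexed under the same fingerprint.
    next if seen[error['fingerprint']]

    seen[error['fingerprint']] = true
    lines = (index[error['filePath']] ||= {})
    (lines[error['line']] ||= []) << error.slice('fingerprint', 'severity', 'description', 'engineName')
  end
end
```

Keeping nil distinct from an empty hash lets a caller tell "field unavailable" apart from "report present, no new degradations".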
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.