
Check namespace setting for XRay scan

What does this MR do and why?

Check namespace setting for XRay scan

AI AddOn feature is not available yet. Add feature flag check to XRay scan endpoint to respect that. Since AI AddOn is not available, let's reuse code suggestion flow for authorisation access.

Make sure that namespace has code suggestions enabled before running scan.


How to set up and validate locally

  1. Make sure that AI Gateway is working on your local env
  2. Select Ci::Build from namespace with code suggestions add on purchased
  3. Update build state to running
  4. Set build token to any value, e.g. secret
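```ruby
# Rails console: pick a build from the project and prepare it for the request
project = Project.find 2
build = project.builds.first
build.set_token 'secret'   # job token sent as "token" in the request body
build.status = "running"   # the build has to be in the running state
build.save
namespace = build.project.namespace
```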
  1. Run gdk as SaaS https://docs.gitlab.com/ee/development/ee_features.html#simulate-a-saas-instance
  2. Disable the feature flag: ::Feature.disable(:purchase_code_suggestions)

Use build id and token to make curl request to API endpoint

```shell
curl -v -X POST -H "Content-Type: Application/json"  http://gdk.test:3000/api/v4/internal/jobs/1/x_ray/scan --data '{
  "token": "tajnyToken",
  "prompt_components": [
     {
       "type":"x_ray_package_file_prompt",
       "payload":{
         "prompt": "Human: Parse following content of {file_name}. Respond using only valid JSON with list of libraries available to use and their short description\n\n{file_name} content:\n\n```\n{content}\n```\n\n Assistant: {{\n\"libraries\":[{{\"name\": \"",
         "provider": "anthropic",
         "model": "claude-2.0"
       },
       "metadata": { "scannerVersion": "0.0.1" }
     }
  ]
 }'
```

To get authorised with ::Feature.enable(:purchase_code_suggestions) enabled

```ruby
FactoryBot.create(:gitlab_subscription_add_on_purchase, add_on: FactoryBot.create(:gitlab_subscription_add_on), namespace: namespace)
```

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Vitali Tatarintev
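
The access decision this merge request describes, sketched as a stand-alone Ruby model. This is an added example, not code from the merge request or from GitLab; the struct fields, method names and result symbols are hypothetical, and only the flag name's meaning (`purchase_code_suggestions` on or off) comes from the description.

```ruby
require 'digest'

# Hypothetical stand-ins for the records the endpoint consults (not GitLab's models).
Namespace = Struct.new(:code_suggestions_enabled, :add_on_purchased, keyword_init: true)
Job = Struct.new(:id, :token, :status, :namespace, keyword_init: true)

# Compare fixed-length digests so timing does not depend on where the tokens differ.
def token_match?(expected, presented)
  return false if expected.to_s.empty? || presented.to_s.empty?

  a = Digest::SHA256.digest(expected.to_s).bytes
  b = Digest::SHA256.digest(presented.to_s).bytes
  a.zip(b).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns :allowed, :unauthenticated or :forbidden (result names are assumptions).
def authorize_x_ray_scan(job, presented_token, purchase_flag_enabled:)
  # Authentication: the token must belong to a job that is currently running.
  return :unauthenticated unless job && job.status == 'running'
  return :unauthenticated unless token_match?(job.token, presented_token)

  namespace = job.namespace
  return :forbidden if namespace.nil? # fail closed when there is nothing to check

  entitled =
    if purchase_flag_enabled
      # Flag on: the namespace needs a purchased add-on.
      namespace.add_on_purchased
    else
      # Flag off: reuse the code suggestions flow, i.e. the namespace setting.
      namespace.code_suggestions_enabled
    end
  entitled ? :allowed : :forbidden
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample data mirroring the validation steps above.
  ns  = Namespace.new(code_suggestions_enabled: true, add_on_purchased: false)
  job = Job.new(id: 1, token: 'secret', status: 'running', namespace: ns)
  [[false, 'secret'], [true, 'secret'], [false, 'wrong']].each do |flag, token|
    puts "flag=#{flag} token=#{token}: #{authorize_x_ray_scan(job, token, purchase_flag_enabled: flag)}"
  end
end
```

The model keeps authentication (job token, running state) separate from entitlement (namespace setting or add-on), so a valid token alone never authorises a scan.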
