Merge branch '338665-vuln-finding-pipelines' into 'master'

Disable `Vulnerabilities::Finding` joins in `Ci::Pipeline` See merge request gitlab-org/gitlab!70216

Merge branch '338665-vuln-finding-pipelines' into 'master'
Disable `Vulnerabilities::Finding` joins in `Ci::Pipeline` See merge request gitlab-org/gitlab!70216
bfdb9d7a · Dylan Griffith · 629543bd · 04456776 · bfdb9d7a · bfdb9d7a
Commit bfdb9d7a authored Oct 08, 2021 by Dylan Griffith
5 changed files
--- a/config/feature_flags/development/finding_ci_pipeline_disable_joins.yml
+++ b/config/feature_flags/development/finding_ci_pipeline_disable_joins.yml
+---
+name: finding_ci_pipeline_disable_joins
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/70216
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/338665
+milestone: '14.3'
+type: development
+group: group::threat insights
+default_enabled: true
--- a/ee/app/controllers/projects/security/vulnerabilities_controller.rb
+++ b/ee/app/controllers/projects/security/vulnerabilities_controller.rb
@@ -19,7 +19,7 @@ module Projects
      feature_category :vulnerability_management

      def show
-        pipeline = vulnerability.finding.pipelines.first
+        pipeline = vulnerability.finding.first_finding_pipeline
        @pipeline = pipeline if Ability.allowed?(current_user, :read_pipeline, pipeline)
        @gfm_form = true
      end

--- a/ee/app/models/vulnerabilities/finding.rb
+++ b/ee/app/models/vulnerabilities/finding.rb
@@ -38,7 +38,7 @@ module Vulnerabilities
    has_many :remediations, through: :finding_remediations

    has_many :finding_pipelines, class_name: 'Vulnerabilities::FindingPipeline', inverse_of: :finding, foreign_key: 'occurrence_id'
-    has_many :pipelines, through: :finding_pipelines, class_name: 'Ci::Pipeline'
+    has_many :pipelines, through: :finding_pipelines, class_name: 'Ci::Pipeline', disable_joins: -> { ::Feature.enabled?(:finding_ci_pipeline_disable_joins, default_enabled: :yaml) }

    has_many :signatures, class_name: 'Vulnerabilities::FindingSignature', inverse_of: :finding

@@ -105,11 +105,6 @@ module Vulnerabilities
        .where("vulnerability_occurrences.location -> 'image' ?| array[:images]", images: images)
    end

-    def self.for_pipelines(pipelines)
-      joins(:finding_pipelines)
-        .where(vulnerability_occurrence_pipelines: { pipeline_id: pipelines })
-    end
-
    def self.counted_by_severity
      group(:severity).count.transform_keys do |severity|
        severities[severity]
@@ -368,13 +363,21 @@ module Vulnerabilities
    end

    def pipeline_branch
-      pipelines&.last&.sha || project.default_branch
+      last_finding_pipeline&.sha || project.default_branch
    end

    def false_positive?
      vulnerability_flags.false_positive.any?
    end

+    def first_finding_pipeline
+      finding_pipelines.first&.pipeline
+    end
+
+    def last_finding_pipeline
+      finding_pipelines.last&.pipeline
+    end
+
    protected

    def primary_identifier_fingerprint

--- a/ee/app/presenters/vulnerability_presenter.rb
+++ b/ee/app/presenters/vulnerability_presenter.rb
@@ -69,7 +69,7 @@ class VulnerabilityPresenter < Gitlab::View::Presenter::Delegated
  end

  def pipeline_branch
-    finding.pipelines&.last&.sha || project.default_branch
+    finding.pipeline_branch
  end

  def path_with_line_number(path)

--- a/ee/spec/factories/vulnerabilities/findings.rb
+++ b/ee/spec/factories/vulnerabilities/findings.rb
@@ -235,8 +235,7 @@ FactoryBot.define do
    trait :with_pipeline do
      after(:create) do |finding|
        pipeline = create(:ci_pipeline, project: finding.project)
-
-        finding.pipelines = [pipeline]
+        create(:vulnerabilities_finding_pipeline, finding: finding, pipeline: pipeline)
      end
    end