Merge branch '342380-finding-build' into 'master'

Use disable join to avoid doing cross-join via `ci_builds` in `Security::Finding.build` See merge request gitlab-org/gitlab!72738

Merge branch '342380-finding-build' into 'master'
Use disable join to avoid doing cross-join via `ci_builds` in `Security::Finding.build` See merge request gitlab-org/gitlab!72738
ecbb7f37 · Dylan Griffith · 3acfc746 · 08791fbe · ecbb7f37 · ecbb7f37
Commit ecbb7f37 authored Oct 22, 2021 by Dylan Griffith
Showing with 10 additions and 2 deletions

config/feature_flags/development/security_finding_build_disable_joins.yml ...lags/development/security_finding_build_disable_joins.yml +8 -0

ee/app/models/security/finding.rb ee/app/models/security/finding.rb +2 -2

No files found.
--- a/config/feature_flags/development/security_finding_build_disable_joins.yml
+++ b/config/feature_flags/development/security_finding_build_disable_joins.yml
+---
+name: security_finding_build_disable_joins
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72738
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/342380
+milestone: '14.4'
+type: development
+group: group::threat insights
+default_enabled: true
--- a/ee/app/models/security/finding.rb
+++ b/ee/app/models/security/finding.rb
@@ -14,7 +14,7 @@ module Security
    belongs_to :scan, inverse_of: :findings, optional: false
    belongs_to :scanner, class_name: 'Vulnerabilities::Scanner', inverse_of: :security_findings, optional: false

-    has_one :build, through: :scan
+    has_one :build, through: :scan, disable_joins: -> { ::Feature.enabled?(:security_finding_build_disable_joins, default_enabled: :yaml) }

    enum confidence: ::Enums::Vulnerability.confidence_levels, _prefix: :confidence
    enum severity: ::Enums::Vulnerability.severity_levels, _prefix: :severity
@@ -36,7 +36,7 @@ module Security
    end
    scope :latest, -> { joins(:scan).merge(Security::Scan.latest_successful_by_build).allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/341796') }
    scope :ordered, -> { order(severity: :desc, confidence: :desc, id: :asc) }
-    scope :with_pipeline_entities, -> { includes(build: [:job_artifacts, :pipeline]) }
+    scope :with_pipeline_entities, -> { preload(build: [:job_artifacts, :pipeline]) }
    scope :with_scan, -> { includes(:scan) }
    scope :with_scanner, -> { includes(:scanner) }
    scope :deduplicated, -> { where(deduplicated: true) }