Add code quality to graphql

This commit adds our code quality report to graphql.
We are now able to aggregate several code quality reports
at the pipeline level.

Changelog: added

app/graphql/types/ci/code_quality_degradation_severity_enum.rb

+# frozen_string_literal: true
+
+module Types
+  module Ci
+    class CodeQualityDegradationSeverityEnum < BaseEnum
+      graphql_name 'CodeQualityDegradationSeverity'
+
+      ::Gitlab::Ci::Reports::CodequalityReports::SEVERITY_PRIORITIES.keys.each do |status|
+        value status.upcase,
+              description: "Code Quality degradation has a status of #{status}.",
+              value: status
+      end
+    end
+  end
+end

doc/api/graphql/reference/index.md

@@ -4688,6 +4688,30 @@ The edge type for [`CodeCoverageActivity`](#codecoverageactivity).
 | <a id="codecoverageactivityedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
 | <a id="codecoverageactivityedgenode"></a>`node` | [`CodeCoverageActivity`](#codecoverageactivity) | The item at the end of the edge. |
 
+#### `CodeQualityDegradationConnection`
+
+The connection type for [`CodeQualityDegradation`](#codequalitydegradation).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="codequalitydegradationconnectioncount"></a>`count` | [`Int!`](#int) | Total count of collection. |
+| <a id="codequalitydegradationconnectionedges"></a>`edges` | [`[CodeQualityDegradationEdge]`](#codequalitydegradationedge) | A list of edges. |
+| <a id="codequalitydegradationconnectionnodes"></a>`nodes` | [`[CodeQualityDegradation]`](#codequalitydegradation) | A list of nodes. |
+| <a id="codequalitydegradationconnectionpageinfo"></a>`pageInfo` | [`PageInfo!`](#pageinfo) | Information to aid in pagination. |
+
+#### `CodeQualityDegradationEdge`
+
+The edge type for [`CodeQualityDegradation`](#codequalitydegradation).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="codequalitydegradationedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
+| <a id="codequalitydegradationedgenode"></a>`node` | [`CodeQualityDegradation`](#codequalitydegradation) | The item at the end of the edge. |
+
 #### `CommitConnection`
 
 The connection type for [`Commit`](#commit).
@@ -7455,6 +7479,20 @@ Represents the code coverage summary for a project.
 | <a id="codecoveragesummarycoveragecount"></a>`coverageCount` | [`Int`](#int) | Number of different code coverage results available. |
 | <a id="codecoveragesummarylastupdatedon"></a>`lastUpdatedOn` | [`Date`](#date) | Latest date when the code coverage was created for the project. |
 
+### `CodeQualityDegradation`
+
+Represents a code quality degradation on the pipeline.
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="codequalitydegradationdescription"></a>`description` | [`String!`](#string) | A description of the code quality degradation. |
+| <a id="codequalitydegradationfingerprint"></a>`fingerprint` | [`String!`](#string) | A unique fingerprint to identify the code quality degradation. For example, an MD5 hash. |
+| <a id="codequalitydegradationline"></a>`line` | [`Int!`](#int) | The line on which the code quality degradation occurred. |
+| <a id="codequalitydegradationpath"></a>`path` | [`String!`](#string) | The relative path to the file containing the code quality degradation. |
+| <a id="codequalitydegradationseverity"></a>`severity` | [`CodeQualityDegradationSeverity!`](#codequalitydegradationseverity) | Status of the degradation (BLOCKER, CRITICAL, MAJOR, MINOR, INFO). |
+
 ### `Commit`
 
 #### Fields
@@ -10577,6 +10615,7 @@ Information about pagination in a connection.
 | <a id="pipelineactive"></a>`active` | [`Boolean!`](#boolean) | Indicates if the pipeline is active. |
 | <a id="pipelinebeforesha"></a>`beforeSha` | [`String`](#string) | Base SHA of the source branch. |
 | <a id="pipelinecancelable"></a>`cancelable` | [`Boolean!`](#boolean) | Specifies if a pipeline can be canceled. |
+| <a id="pipelinecodequalityreports"></a>`codeQualityReports` | [`CodeQualityDegradationConnection`](#codequalitydegradationconnection) | Code Quality degradations reported on the pipeline. (see [Connections](#connections)) |
 | <a id="pipelinecommitpath"></a>`commitPath` | [`String`](#string) | Path to the commit that triggered the pipeline. |
 | <a id="pipelinecommittedat"></a>`committedAt` | [`Time`](#time) | Timestamp of the pipeline's commit. |
 | <a id="pipelineconfigsource"></a>`configSource` | [`PipelineConfigSourceEnum`](#pipelineconfigsourceenum) | Configuration source of the pipeline (UNKNOWN_SOURCE, REPOSITORY_SOURCE, AUTO_DEVOPS_SOURCE, WEBIDE_SOURCE, REMOTE_SOURCE, EXTERNAL_PROJECT_SOURCE, BRIDGE_SOURCE, PARAMETER_SOURCE, COMPLIANCE_SOURCE). |
@@ -13551,6 +13590,16 @@ Values for YAML processor result.
 | <a id="cirunnertypeinstance_type"></a>`INSTANCE_TYPE` | A runner that is instance type. |
 | <a id="cirunnertypeproject_type"></a>`PROJECT_TYPE` | A runner that is project type. |
 
+### `CodeQualityDegradationSeverity`
+
+| Value | Description |
+| ----- | ----------- |
+| <a id="codequalitydegradationseverityblocker"></a>`BLOCKER` | Code Quality degradation has a status of blocker. |
+| <a id="codequalitydegradationseveritycritical"></a>`CRITICAL` | Code Quality degradation has a status of critical. |
+| <a id="codequalitydegradationseverityinfo"></a>`INFO` | Code Quality degradation has a status of info. |
+| <a id="codequalitydegradationseveritymajor"></a>`MAJOR` | Code Quality degradation has a status of major. |
+| <a id="codequalitydegradationseverityminor"></a>`MINOR` | Code Quality degradation has a status of minor. |
+
 ### `CommitActionMode`
 
 Mode of a commit action.

ee/app/graphql/ee/types/ci/pipeline_type.rb

@@ -19,6 +19,15 @@ module EE
             null: true,
             description: 'Vulnerability findings reported on the pipeline.',
             resolver: ::Resolvers::PipelineSecurityReportFindingsResolver
+
+          field :code_quality_reports,
+            ::Types::Ci::CodeQualityDegradationType.connection_type,
+            null: true,
+            description: 'Code Quality degradations reported on the pipeline.'
+
+          def code_quality_reports
+            pipeline.codequality_reports.all_degradations.presence
+          end
         end
       end
     end

ee/app/graphql/types/ci/code_quality_degradation_type.rb

+# frozen_string_literal: true
+
+module Types
+  module Ci
+    # rubocop: disable Graphql/AuthorizeTypes
+    class CodeQualityDegradationType < BaseObject
+      graphql_name 'CodeQualityDegradation'
+      description 'Represents a code quality degradation on the pipeline.'
+
+      connection_type_class(Types::CountableConnectionType)
+
+      alias_method :degradation, :object
+
+      field :description, GraphQL::STRING_TYPE, null: false,
+        description: "A description of the code quality degradation."
+
+      field :fingerprint, GraphQL::STRING_TYPE, null: false,
+        description: 'A unique fingerprint to identify the code quality degradation. For example, an MD5 hash.'
+
+      field :severity, Types::Ci::CodeQualityDegradationSeverityEnum, null: false,
+        description: "Status of the degradation (#{::Gitlab::Ci::Reports::CodequalityReports::SEVERITY_PRIORITIES.keys.map(&:upcase).join(', ')})."
+
+      field :path, GraphQL::STRING_TYPE, null: false,
+        description: 'The relative path to the file containing the code quality degradation.'
+
+      def path
+        degradation.dig(:location, :path)
+      end
+
+      field :line, GraphQL::INT_TYPE, null: false,
+        description: 'The line on which the code quality degradation occurred.'
+
+      def line
+        degradation.dig(:location, :lines, :begin) || degradation.dig(:location, :positions, :begin, :line)
+      end
+    end
+  end
+end

ee/changelogs/unreleased/mo-add-codequality-to-graphql.yml

+---
+title: Add codequality reports endpoint to graphql
+merge_request: 61383
+author:
+type: added

ee/spec/graphql/types/ci/code_quality_degradation_severity_enum_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe GitlabSchema.types['CodeQualityDegradationSeverity'] do
+  it 'exposes all code quality degradation severity types' do
+    expect(described_class.values.keys).to eq(
+      ::Gitlab::Ci::Reports::CodequalityReports::SEVERITY_PRIORITIES.keys.map(&:upcase)
+    )
+  end
+end

ee/spec/graphql/types/ci/code_quality_degradation_type_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe GitlabSchema.types['CodeQualityDegradation'] do
+  it do
+    expect(described_class).to have_graphql_fields(
+      :description,
+      :fingerprint,
+      :severity,
+      :path,
+      :line
+    )
+  end
+end

ee/spec/graphql/types/ci/pipeline_type_spec.rb

@@ -9,6 +9,7 @@ RSpec.describe GitlabSchema.types['Pipeline'] do
     expected_fields = %w[
         security_report_summary
         security_report_findings
+        code_quality_reports
     ]
 
     expect(described_class).to include_graphql_fields(*expected_fields)

ee/spec/requests/api/graphql/project/pipeline/code_quality_reports_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Query.project(fullPath).pipeline(iid).codeQualityReports' do
+  include GraphqlHelpers
+
+  let_it_be(:project) { create(:project, :repository) }
+  let_it_be(:current_user) { create(:user) }
+
+  let(:query) do
+    %(
+      query {
+        project(fullPath: "#{project.full_path}") {
+          pipeline(iid: "#{pipeline.iid}") {
+            codeQualityReports {
+              nodes {
+                #{all_graphql_fields_for('CodeQualityDegradation')}
+              }
+            }
+          }
+        }
+      }
+    )
+  end
+
+  let(:codequality_degradations) { graphql_data_at(:project, :pipeline, :codeQualityReports, :nodes) }
+
+  context 'when pipeline has a code quality report' do
+    let_it_be(:pipeline) { create(:ci_pipeline, :success, :with_codequality_reports, project: project) }
+
+    context 'when user is member of the project' do
+      before do
+        project.add_developer(current_user)
+      end
+
+      it 'returns all the code quality degradations' do
+        post_graphql(query, current_user: current_user)
+
+        expect(codequality_degradations.size).to eq(3)
+      end
+
+      it 'returns all the queried fields', :aggregate_failures do
+        post_graphql(query, current_user: current_user)
+
+        codequality_degradations.each do |degradation|
+          expect(degradation['description']).not_to be_nil
+          expect(degradation['fingerprint']).not_to be_nil
+          expect(degradation['severity']).not_to be_nil
+          expect(degradation['path']).not_to be_nil
+          expect(degradation['line']).not_to be_nil
+        end
+      end
+    end
+
+    context 'when user is not a member of the project' do
+      it 'returns no code quality degradations' do
+        post_graphql(query, current_user: current_user)
+
+        expect(codequality_degradations).to be_nil
+      end
+    end
+  end
+
+  context 'when pipeline does not have a code quality report' do
+    let_it_be(:pipeline) { create(:ci_pipeline, :success, project: project) }
+
+    before do
+      project.add_developer(current_user)
+    end
+
+    it 'returns an empty result' do
+      post_graphql(query, current_user: current_user)
+
+      expect(codequality_degradations).to be_nil
+    end
+  end
+end

spec/graphql/types/ci/pipeline_type_spec.rb

@@ -18,7 +18,7 @@ RSpec.describe Types::Ci::PipelineType do
     ]
 
     if Gitlab.ee?
-      expected_fields += %w[security_report_summary security_report_findings]
+      expected_fields += %w[security_report_summary security_report_findings code_quality_reports]
     end
 
     expect(described_class).to have_graphql_fields(*expected_fields)