Move Secure report download dependencies to FOSS

Some Secure features are now available on FOSS, so report downloads
need to be available there as well.

.rubocop_manual_todo.yml

@@ -42,11 +42,11 @@ Graphql/IDType:
 Graphql/ResolverType:
   Exclude:
     - 'app/graphql/resolvers/base_resolver.rb'
+    - 'app/graphql/resolvers/ci/jobs_resolver.rb'
     - 'app/graphql/resolvers/ci/pipeline_stages_resolver.rb'
     - 'app/graphql/resolvers/error_tracking/sentry_error_stack_trace_resolver.rb'
     - 'app/graphql/resolvers/merge_requests_resolver.rb'
     - 'app/graphql/resolvers/users/group_count_resolver.rb'
-    - 'ee/app/graphql/resolvers/ci/jobs_resolver.rb'
     - 'ee/app/graphql/resolvers/geo/merge_request_diff_registries_resolver.rb'
     - 'ee/app/graphql/resolvers/geo/package_file_registries_resolver.rb'
     - 'ee/app/graphql/resolvers/geo/terraform_state_version_registries_resolver.rb'

app/graphql/types/ci/pipeline_type.rb

@@ -13,65 +13,87 @@ module Types
 
       field :id, GraphQL::ID_TYPE, null: false,
             description: 'ID of the pipeline'
+
       field :iid, GraphQL::STRING_TYPE, null: false,
             description: 'Internal ID of the pipeline'
 
       field :sha, GraphQL::STRING_TYPE, null: false,
             description: "SHA of the pipeline's commit"
+
       field :before_sha, GraphQL::STRING_TYPE, null: true,
             description: 'Base SHA of the source branch'
+
       field :status, PipelineStatusEnum, null: false,
             description: "Status of the pipeline (#{::Ci::Pipeline.all_state_names.compact.join(', ').upcase})"
+
       field :detailed_status, Types::Ci::DetailedStatusType, null: false,
             description: 'Detailed status of the pipeline',
             resolve: -> (obj, _args, ctx) { obj.detailed_status(ctx[:current_user]) }
+
       field :config_source, PipelineConfigSourceEnum, null: true,
             description: "Config source of the pipeline (#{::Enums::Ci::Pipeline.config_sources.keys.join(', ').upcase})"
+
       field :duration, GraphQL::INT_TYPE, null: true,
             description: 'Duration of the pipeline in seconds'
+
       field :coverage, GraphQL::FLOAT_TYPE, null: true,
             description: 'Coverage percentage'
+
       field :created_at, Types::TimeType, null: false,
             description: "Timestamp of the pipeline's creation"
+
       field :updated_at, Types::TimeType, null: false,
             description: "Timestamp of the pipeline's last activity"
+
       field :started_at, Types::TimeType, null: true,
             description: 'Timestamp when the pipeline was started'
+
       field :finished_at, Types::TimeType, null: true,
             description: "Timestamp of the pipeline's completion"
+
       field :committed_at, Types::TimeType, null: true,
             description: "Timestamp of the pipeline's commit"
+
       field :stages, Types::Ci::StageType.connection_type, null: true,
             description: 'Stages of the pipeline',
             extras: [:lookahead],
             resolver: Resolvers::Ci::PipelineStagesResolver
+
       field :user, Types::UserType, null: true,
             description: 'Pipeline user',
             resolve: -> (pipeline, _args, _context) { Gitlab::Graphql::Loaders::BatchModelLoader.new(User, pipeline.user_id).find }
+
       field :retryable, GraphQL::BOOLEAN_TYPE,
             description: 'Specifies if a pipeline can be retried',
             method: :retryable?,
             null: false
+
       field :cancelable, GraphQL::BOOLEAN_TYPE,
             description: 'Specifies if a pipeline can be canceled',
             method: :cancelable?,
             null: false
+
       field :jobs,
             ::Types::Ci::JobType.connection_type,
             null: true,
             description: 'Jobs belonging to the pipeline',
-            method: :statuses
+            resolver: ::Resolvers::Ci::JobsResolver
+
       field :source_job, Types::Ci::JobType, null: true,
             description: 'Job where pipeline was triggered from'
+
       field :downstream, Types::Ci::PipelineType.connection_type, null: true,
             description: 'Pipelines this pipeline will trigger',
             method: :triggered_pipelines_with_preloads
+
       field :upstream, Types::Ci::PipelineType, null: true,
             description: 'Pipeline that triggered the pipeline',
             method: :triggered_by_pipeline
+
       field :path, GraphQL::STRING_TYPE, null: true,
             description: "Relative path to the pipeline's page",
             resolve: -> (obj, _args, _ctx) { ::Gitlab::Routing.url_helpers.project_pipeline_path(obj.project, obj) }
+
       field :project, Types::ProjectType, null: true,
             description: 'Project the pipeline belongs to'
     end

changelogs/unreleased/move-security-jobs-finder-out-of-ee.yml

+---
+title: Filter jobs by security report type in GraphQL
+merge_request: 47095
+author:
+type: added

ee/app/graphql/ee/types/ci/pipeline_type.rb

@@ -13,12 +13,6 @@ module EE
             extras: [:lookahead],
             description: 'Vulnerability and scanned resource counts for each security scanner of the pipeline',
             resolver: ::Resolvers::SecurityReportSummaryResolver
-
-          field :jobs,
-            ::Types::Ci::JobType.connection_type,
-            null: true,
-            description: 'Jobs belonging to the pipeline',
-            resolver: ::Resolvers::Ci::JobsResolver
         end
       end
     end

ee/spec/requests/api/graphql/ci/pipelines_spec.rb

-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe 'Query.project(fullPath).pipelines' do
-  include GraphqlHelpers
-
-  let_it_be(:project) { create(:project, :repository, :public) }
-  let_it_be(:first_user) { create(:user) }
-  let_it_be(:second_user) { create(:user) }
-
-  describe '.jobs' do
-    let_it_be(:query) do
-      %(
-        query {
-          project(fullPath: "#{project.full_path}") {
-            pipelines {
-              nodes {
-                jobs {
-                  nodes {
-                    name
-                  }
-                }
-              }
-            }
-          }
-        }
-      )
-    end
-
-    it 'fetches the jobs without an N+1' do
-      pipeline = create(:ci_pipeline, project: project)
-      create(:ci_build, pipeline: pipeline, name: 'Job 1')
-
-      control_count = ActiveRecord::QueryRecorder.new do
-        post_graphql(query, current_user: first_user)
-      end
-
-      pipeline = create(:ci_pipeline, project: project)
-      create(:ci_build, pipeline: pipeline, name: 'Job 2')
-
-      expect do
-        post_graphql(query, current_user: second_user)
-      end.not_to exceed_query_limit(control_count)
-
-      expect(response).to have_gitlab_http_status(:ok)
-
-      pipelines_data = graphql_data.dig('project', 'pipelines', 'nodes')
-
-      job_names = pipelines_data.map do |pipeline_data|
-        jobs_data = pipeline_data.dig('jobs', 'nodes')
-        jobs_data.map { |job_data| job_data['name'] }
-      end.flatten
-
-      expect(job_names).to contain_exactly('Job 1', 'Job 2')
-    end
-  end
-
-  describe '.jobs(securityReportTypes)' do
-    let_it_be(:query) do
-      %(
-        query {
-          project(fullPath: "#{project.full_path}") {
-            pipelines {
-              nodes {
-                jobs(securityReportTypes: [SAST]) {
-                  nodes {
-                    name
-                  }
-                }
-              }
-            }
-          }
-        }
-      )
-    end
-
-    it 'fetches the jobs matching the report type filter' do
-      pipeline = create(:ci_pipeline, project: project)
-      create(:ci_build, :dast, name: 'DAST Job 1', pipeline: pipeline)
-      create(:ci_build, :sast, name: 'SAST Job 1', pipeline: pipeline)
-
-      post_graphql(query, current_user: first_user)
-
-      expect(response).to have_gitlab_http_status(:ok)
-
-      pipelines_data = graphql_data.dig('project', 'pipelines', 'nodes')
-
-      job_names = pipelines_data.map do |pipeline_data|
-        jobs_data = pipeline_data.dig('jobs', 'nodes')
-        jobs_data.map { |job_data| job_data['name'] }
-      end.flatten
-
-      expect(job_names).to contain_exactly('SAST Job 1')
-    end
-  end
-end

spec/requests/api/graphql/ci/pipelines_spec.rb

@@ -56,6 +56,45 @@ RSpec.describe 'Query.project(fullPath).pipelines' do
     end
   end
 
+  describe '.jobs(securityReportTypes)' do
+    let_it_be(:query) do
+      %(
+        query {
+          project(fullPath: "#{project.full_path}") {
+            pipelines {
+              nodes {
+                jobs(securityReportTypes: [SAST]) {
+                  nodes {
+                    name
+                  }
+                }
+              }
+            }
+          }
+        }
+      )
+    end
+
+    it 'fetches the jobs matching the report type filter' do
+      pipeline = create(:ci_pipeline, project: project)
+      create(:ci_build, :dast, name: 'DAST Job 1', pipeline: pipeline)
+      create(:ci_build, :sast, name: 'SAST Job 1', pipeline: pipeline)
+
+      post_graphql(query, current_user: first_user)
+
+      expect(response).to have_gitlab_http_status(:ok)
+
+      pipelines_data = graphql_data.dig('project', 'pipelines', 'nodes')
+
+      job_names = pipelines_data.map do |pipeline_data|
+        jobs_data = pipeline_data.dig('jobs', 'nodes')
+        jobs_data.map { |job_data| job_data['name'] }
+      end.flatten
+
+      expect(job_names).to contain_exactly('SAST Job 1')
+    end
+  end
+
   describe 'upstream' do
     let_it_be(:pipeline) { create(:ci_pipeline, project: project, user: first_user) }
     let_it_be(:upstream_project) { create(:project, :repository, :public) }
@@ -176,8 +215,6 @@ RSpec.describe 'Query.project(fullPath).pipelines' do
         expect do
           post_graphql(query, current_user: second_user)
         end.not_to exceed_query_limit(control_count)
-
-        expect(response).to have_gitlab_http_status(:ok)
       end
     end
   end