Draft: Returns latest pipeline with scheduled PEP graphql

What does this MR do and why?

We want to add the status of the latest pipeline that was created by a scheduled pipeline execution policy to the policy editor. To archive this, the MR introduces a new Ci::GroupPipelinesFinder to query pipelines across group projects and enhances the GraphQL PipelineExecutionSchedulePolicy type with a latestScheduledPipeline field.

Scheduled pipelines are not linked to the policy that created them, so there is no way to tell if the policy actually created the latest pipeline. I marked the new field as experiment so we can test if it is actually helpful.

Solution

New Ci::GroupPipelinesFinder: Provides consistent pipeline querying across group projects with proper authorization, filtering, and sorting Enhanced GraphQL field: Adds latestScheduledPipeline to PipelineExecutionSchedulePolicy type to expose pipeline execution status

References

• Related issue: #528299
• Scheduled pipeline execution policy documentation: https://docs.gitlab.com/user/application_security/policies/scheduled_pipeline_execution_policies/

How to set up and validate locally

1. Create a new group.
2. Create a new project on the group.
3. Add a .gitlab/security-policies/policy.yml file to the project with content (Replace path/to/project with the path to your project):

   ---
   experiments:
     pipeline_execution_schedule_policy:
       enabled: true
   pipeline_execution_policy: []
   approval_policy: []
   pipeline_execution_schedule_policy:
     - name: test
       description: ''
       enabled: true
       pipeline_config_strategy: schedule
       content:
         include:
           - project: path/to/project
             file: policy-ci.yml
       schedules:
         - type: daily
           start_time: '10:00'
           time_window:
             value: 600
             distribution: random

4. Go back to the group page and on the left sidebar, select Security & Compliance and Policies.
5. Select Edit policy project and select your project. Then select Save.
6. Start the schedule worker manually to trigger the schedule:

   Security::PipelineExecutionPolicies::RunScheduleWorker.new.perform(Security::PipelineExecutionProjectSchedule.last.id)

7. Open the GraphQL explorer http://gdk.test:3000/-/graphql-explorer
8. Run the query for the group you created (replace group-path with the path of your group):

   query {
     group(fullPath: "group-path") {
       pipelineExecutionSchedulePolicies {
         nodes {
           name
           latestScheduledPipeline {
             id
             status
             createdAt
           }
         }
       }
     }
   }

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #528299