Add `vulnerability_resolved` action to auto-resolve note

This metadata information is used to choose which icon to display on the system note. Fixes: https://gitlab.com/gitlab-org/gitlab/-/issues/507552

Add `vulnerability_resolved` action to auto-resolve note
39480458 · Brian Williams · b833f6bb · 39480458 · 39480458
--- a/ee/app/services/vulnerabilities/auto_resolve_service.rb
+++ b/ee/app/services/vulnerabilities/auto_resolve_service.rb
@@ -72,7 +72,10 @@ def resolve_vulnerabilities
          updated_at: now
        )
      end
-      Note.insert_all!(system_note_attrs)
+      Note.transaction do
+        results = Note.insert_all!(system_note_attrs, returning: %w[id])
+        SystemNoteMetadata.insert_all!(note_metadata_attrs(results))
+      end
    end
    def state_transition_attrs
@@ -110,6 +113,19 @@ def system_note_attrs
      end
    end
+    def note_metadata_attrs(results)
+      results.map do |row|
+        id = row['id']
+        {
+          note_id: id,
+          action: 'vulnerability_resolve',
+          created_at: now,
+          updated_at: now
+        }
+      end
+    end
    def comment(vulnerability)
      rule = rules_by_vulnerability[vulnerability]
      _("Auto-resolved by vulnerability management policy") + " #{rule.security_policy.name}"

--- a/ee/spec/services/vulnerabilities/auto_resolve_service_spec.rb
+++ b/ee/spec/services/vulnerabilities/auto_resolve_service_spec.rb
@@ -45,7 +45,10 @@
      expect(vulnerability.resolved_at).to eq(Time.current)
      expect(vulnerability.auto_resolved).to be(true)
-      expect { resolved_vulnerability.reload }.to change { resolved_vulnerability.updated_at }
+      # Ruby has nanosecond precision on timestamps, while Postgress has microsecond precision.
+      # This causes the timestamp to be rounded down to the nearest microsecond when the record is reloaded.
+      # We need to make the comparison in microseconds to avoid a false-negative.
+      expect { resolved_vulnerability.reload }.not_to change { resolved_vulnerability.updated_at.floor(6) }
    end
    it 'inserts a state transition for each vulnerability' do
@@ -71,6 +74,7 @@
        "changed vulnerability status to Resolved and the following comment: \"#{comment}\""
      )
      expect(last_note).to be_system
+      expect(last_note.system_note_metadata.action).to eq('vulnerability_resolve')
    end
    it 'updates the statistics', :sidekiq_inline do