Merge branch 'sf/feature/enable-violation-export-conditonally-with-ff' into 'master'

Enable violation export conditionally with FF See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131206 Merged-by: Huzaifa Iftikhar <hiftikhar@gitlab.com> Approved-by: Malcolm Locke <mlocke@gitlab.com> Approved-by: Huzaifa Iftikhar <hiftikhar@gitlab.com> Reviewed-by: Evan Read <eread@gitlab.com> Reviewed-by: Huzaifa Iftikhar <hiftikhar@gitlab.com> Reviewed-by: Malcolm Locke <mlocke@gitlab.com> Co-authored-by: Sam Figueroa <sfigueroa@gitlab.com>

Merge branch 'sf/feature/enable-violation-export-conditonally-with-ff' into 'master'
c4644439 · Huzaifa Iftikhar · ac637ff1 · e38ffd66 · c4644439 · c4644439
--- a/doc/user/compliance/compliance_center/index.md
+++ b/doc/user/compliance/compliance_center/index.md
@@ -314,6 +314,32 @@ To remove a compliance framework from multiple projects in a group:
 1. From the **Choose one bulk action** dropdown list, select **Remove framework from selected projects**.
 1. Select **Remove**.

+### Export a report of merge request compliance violations on projects in a group
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/356791) in GitLab 16.4 [with a flag](../../../administration/feature_flags.md) named `compliance_violation_csv_export`. Disabled by default.
+
+FLAG:
+On self-managed GitLab, by default this feature is not available. To make it available, ask an administrator to [enable the feature flag](../../../administration/feature_flags.md) named
+`compliance_violation_csv_export`. On GitLab.com, this feature is not available. The feature is not ready for production use.
+
+Export a report of merge request compliance violations on merge requests belonging to projects in a group. Reports:
+
+- Do not use filters on the violations report.
+- Are truncated at 15 MB so the email attachment is not too large.
+
+Prerequisites:
+
+- You must be an administrator or have the Owner role for the group.
+
+To export a report of merge request compliance violations for projects in a group:
+
+1. On the left sidebar, select **Search or go to** and find your group.
+1. On the left sidebar, select **Secure > Compliance center**.
+1. On the page, select the **Violations** tab.
+1. On the Violations tab, select the **Export full report as CSV** action in the top right corner
+
+A report is compiled and delivered to your email inbox as an attachment.
+
 ### Export a report of compliance frameworks on projects in a group

 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/387912) in GitLab 16.0.

--- a/ee/app/views/groups/security/compliance_dashboards/show.html.haml
+++ b/ee/app/views/groups/security/compliance_dashboards/show.html.haml
@@ -3,6 +3,7 @@

 #js-compliance-report{ data: {
  can_add_edit: @group.subgroup? ? "false" : "true",
+  violations_csv_export_path: Feature.enabled?(:compliance_violation_csv_export, @group) && group_security_compliance_violation_reports_path(@group, format: :csv),
  frameworks_csv_export_path: group_security_compliance_framework_reports_path(@group, format: :csv),
  merge_commits_csv_export_path: group_security_merge_commit_reports_path(@group),
  group_path: @group.full_path,

--- a/ee/spec/views/groups/security/compliance_dashboards/show.html.haml_spec.rb
+++ b/ee/spec/views/groups/security/compliance_dashboards/show.html.haml_spec.rb
@@ -6,6 +6,7 @@
  let_it_be(:user) { build_stubbed(:user) }
  let_it_be(:group) { build_stubbed(:group) }
  let(:framework_csv_export_path) { group_security_compliance_framework_reports_path(group, format: :csv) }
+  let(:violations_csv_export_path) { group_security_compliance_violation_reports_path(group, format: :csv) }
  let(:merge_commits_csv_export_path) { group_security_merge_commit_reports_path(group) }

  before do
@@ -19,6 +20,7 @@
    expect(rendered).to have_selector('#js-compliance-report')
    expect(rendered).to have_selector("[data-can-add-edit='true']")
    expect(rendered).to have_selector("[data-frameworks-csv-export-path='#{framework_csv_export_path}']")
+    expect(rendered).to have_selector("[data-violations-csv-export-path='#{violations_csv_export_path}']")
    expect(rendered).to have_selector("[data-merge-commits-csv-export-path='#{merge_commits_csv_export_path}']")
    expect(rendered).to have_selector("[data-group-path='#{group.full_path}']")
    expect(rendered).to have_selector("[data-root-ancestor-path='#{group.root_ancestor.full_path}']")
@@ -63,4 +65,34 @@
      end
    end
  end
+
+  context 'for violations export' do
+    context "with compliance_violation_csv_export ff enabled" do
+      it 'renders with the correct data attributes', :aggregate_failures do
+        render
+
+        expect(rendered).to have_selector("[data-violations-csv-export-path='#{violations_csv_export_path}']")
+      end
+    end
+
+    context 'with compliance_violation_csv_export ff disabled', :aggregate_failures do
+      before do
+        Feature.disable(:compliance_violation_csv_export)
+      end
+
+      it 'renders with the correct data attributes for excluded group' do
+        render
+
+        expect(rendered).not_to have_selector("[data-violations-csv-export-path]")
+      end
+
+      it 'renders with the correct data attributes for included group' do
+        Feature.enable(:compliance_violation_csv_export, group)
+
+        render
+
+        expect(rendered).to have_selector("[data-violations-csv-export-path='#{violations_csv_export_path}']")
+      end
+    end
+  end
 end