Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue with Alert URLs for pull requests and artifacts #4183

Merged
merged 1 commit into from
Aug 16, 2024
Merged

Fix issue with Alert URLs for pull requests and artifacts #4183

merged 1 commit into from
Aug 16, 2024

Conversation

dmjb
Copy link
Contributor

@dmjb dmjb commented Aug 16, 2024
edited
Loading

The GetProfileStatusByName URL returns a bunch of information about profiles, including the URL of GHSA alerts if one was created. Minder does not store this URL in the DB, and instead creates it on the fly in the handler code. This assumed that the repo name and owner was returned from the ListRuleEvaluationsByProfileId SQL query for all entities, not just repositories.

Since my recent changes removed the link between evaluation history and repositories for artifacts and pull requests, this logic stopped working. This works around the problem by querying the DB explicitly.

Ideally, the URL would be stored in the database as part of the alert metadata. This handles, for example, self-hosted Github, or indeed, alerts other than GHSAs. I consider that a longer term change which requires additional changes. This fixes the immediate problem.

Validated locally that this fixes the issue with the smoke tests.

Summary

Provide a brief overview of the changes and the issue being addressed.
Explain the rationale and any background necessary for understanding the changes.
List dependencies required by this change, if any.

Fixes #(related issue)

Change Type

Mark the type of change your PR introduces:

  • Bug fix (resolves an issue without affecting existing features)
  • Feature (adds new functionality without breaking changes)
  • Breaking change (may impact existing functionalities or require documentation updates)
  • Documentation (updates or additions to documentation)
  • Refactoring or test improvements (no bug fixes or new functionality)

Testing

Outline how the changes were tested, including steps to reproduce and any relevant configurations.
Attach screenshots if helpful.

Review Checklist:

  • Reviewed my own code for quality and clarity.
  • Added comments to complex or tricky code sections.
  • Updated any affected documentation.
  • Included tests that validate the fix or feature.
  • Checked that related changes are merged.

@dmjb
Fix issue with Alert URLs for pull requests and artifacts
b506643 
The `GetProfileStatusByName` URL returns a bunch of information about
profiles, including the URL of GHSA alerts if one was created. Minder
does not store this URL in the DB, and instead creates it on the fly in
the handler code. This assumed that the repo name and owner was returned
from the `ListRuleEvaluationsByProfileId` SQL query for all entities,
not just repositories.

Since my recent changes removed the link between evaluation history and
repositories for artifacts and pull requests, this logic stopped
working. This works around the problem by querying the DB explicitly.

Ideally, the URL would be stored in the database as part of the alert
metadata. This handles, for example, self-hosted Github, or indeed,
alerts other than GHSAs. I consider that a longer term change which
requires additional changes. This fixes the immediate problem.
@dmjb dmjb requested a review from a team as a code owner August 16, 2024 14:33
@coveralls
Copy link

Coverage Status

coverage: 53.941% (-0.06%) from 53.996%
when pulling b506643 on fix-repo-url-alert
into 2fddec5 on main.

@dmjb dmjb merged commit f5bd045 into main Aug 16, 2024
24 of 26 checks passed
@dmjb dmjb deleted the fix-repo-url-alert branch August 16, 2024 15:56
rdimitrov added a commit that referenced this pull request Aug 19, 2024
@rdimitrov
Revert "Fix issue with Alert URLs for pull requests and artifacts (#4183
92ec4aa 
)"

This reverts commit f5bd045.
@rdimitrov rdimitrov mentioned this pull request Aug 19, 2024
Merged
10 tasks
JAORMX pushed a commit that referenced this pull request Aug 19, 2024
@rdimitrov
Revert profile/rule status queries to use evaluation history table (#…
4cebc27 
…4195)

* Revert "Fix issue with Alert URLs for pull requests and artifacts (#4183)"

This reverts commit f5bd045.

* Revert "Check for non-empty length of previous metadata (#4182)"

This reverts commit 2fddec5.

* Revert "Change profile/rule status queries to use evaluation history table (#4089)"

This reverts commit 2137ce8.
dmjb added a commit that referenced this pull request Aug 19, 2024
@dmjb
Fix issue with Alert URLs for pull requests and artifacts (#4183)
87c4ee2
dmjb added a commit that referenced this pull request Aug 19, 2024
@dmjb
Reapply reverted commits (#4200)
d63522d 
Out of the three commits which were reverted, one of them was replaced by #4197 which solves the problem at source. This will reapply the other two. Some changes were made to fit with the changes introduced by #4197

Validated against smoke tests by @rdimitrov. I also ran the failing smoke tests against this branch locally.

* Change profile/rule status queries to use evaluation history table (#4089)

This change allows most of the functionality which previously used the
`rule_evaluations` (and related) tables to use the new evaluation
history tables instead.

* Fix issue with Alert URLs for pull requests and artifacts (#4183)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rdimitrov rdimitrov rdimitrov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dmjb @coveralls @rdimitrov