Code Scanning API support #1787

Draft
wants to merge 11 commits into
base: main

@wwong wwong commented Feb 7, 2024

Description

Following up on open comments from #1142 and cortexapps#8

I don't currently have access to the security alerts for the example test repo (https://github.com/hub4j-test-org/Pixi), so the response fields might be slightly outdated until I (or someone else) can re-record the wiremock samples.

Start of an (incomplete) implementation for #1133 (will add more endpoints in a later PR)

This change adds the read-only calls for the following endpoints, as they were originally implemented in previous PRs:

Before submitting a PR:

  • Changes must not break binary backwards compatibility. If you are unclear on how to make the change you think is needed while maintaining backward compatibility, see CONTRIBUTING.md for details.
  • Add JavaDocs and other comments explaining the behavior.
  • When adding or updating methods that fetch entities, add @link JavaDoc entries to the relevant documentation on https://docs.github.com/en/rest .
  • Add tests that cover any added or changed code. This generally requires capturing snapshot test data. See CONTRIBUTING.md for details.
  • Run mvn -D enable-ci clean install site locally. If this command doesn't succeed, your change will not pass CI.
  • Push your changes to a branch other than main. You will create your PR from that branch.

When creating a PR:

  • Fill in the "Description" above with a clear summary of the changes. This includes:
    • If this PR fixes one or more issues, include "Fixes #" lines for each issue.
    • Provide links to relevant documentation on https://docs.github.com/en/rest where possible. If not including links, explain why not.
  • All lines of new code should be covered by tests as reported by code coverage. Any lines that are not covered must have PR comments explaining why they cannot be covered. For example, "Reaching this particular exception is hard and is not a particularly common scenario."
  • Enable "Allow edits from maintainers".

@wwong wwong changed the title Code scanning api Code Scanning API support Feb 7, 2024
@wwong wwong force-pushed the code-scanning-api branch 2 times, most recently from f9767a5 to 10d3458 Compare February 7, 2024 07:16

wwong commented Feb 7, 2024

Hi @bitwiseman, tagging you here because you're the only member of the hub4j org that I can see.

When you get the chance, could you approve the test workflows on this PR? The tests are passing locally, but I want to make sure things are all good in CI before I open up for review. It'd also be great to get access to the security alerts in the hub4j-test-org so that I can refresh the wiremock snapshots. Thanks!

@wwong wwong force-pushed the code-scanning-api branch 2 times, most recently from c20ace1 to 62361a5 Compare February 8, 2024 07:44
@bitwiseman
Member

@wwong
I'm inviting you to the hub4j-test-org now.

codecov bot commented Feb 15, 2024

Codecov Report

Attention: Patch coverage is 78.94737% with 24 lines in your changes missing coverage. Please review.

Project coverage is 81.02%. Comparing base (895ddce) to head (1e9c381).
Report is 1 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| ...rg/kohsuke/github/GHCodeScanningAlertInstance.java | 52.27% | 9 Missing and 12 partials ⚠️ |
| ...e/github/GHCodeScanningAlertInstancesIterable.java | 92.30% | 0 Missing and 1 partial ⚠️ |
| ...g/kohsuke/github/GHCodeScanningAlertsIterable.java | 93.33% | 0 Missing and 1 partial ⚠️ |
| src/main/java/org/kohsuke/github/GHRepository.java | 88.88% | 1 Missing ⚠️ |

Additional details and impacted files
@@             Coverage Diff              @@
##               main    #1787      +/-   ##
============================================
- Coverage     81.05%   81.02%   -0.04%     
- Complexity     2442     2476      +34     
============================================
  Files           237      242       +5     
  Lines          7342     7456     +114     
  Branches        398      412      +14     
============================================
+ Hits           5951     6041      +90     
- Misses         1145     1155      +10     
- Partials        246      260      +14     


wwong commented Feb 16, 2024

@bitwiseman Thanks! I'll see if I can find some time this weekend to shore up the code coverage and add some more support for the rest of the Code Scanning endpoints.

@wwong wwong force-pushed the code-scanning-api branch from 62361a5 to 43ef76f Compare April 1, 2024 23:50
@bitwiseman bitwiseman added the work-abandoned There hasn't been any activity on the PR in a while. Another contributor might want to pick it up. label Jul 1, 2024
@bitwiseman bitwiseman left a comment

Upstream changes to test data.

@bitwiseman bitwiseman self-requested a review July 1, 2024 18:33
@bitwiseman bitwiseman dismissed their stale review July 1, 2024 18:33

Updates applied

@bitwiseman
Member

@wwong
If/When you get back to this PR, please pull the changes I've applied and avoid force pushes to make reviewing easier.


wwong commented Jul 1, 2024

Will do, thanks @bitwiseman. Life is a little busy right now, but I hope to get back to this soon, maybe in the next couple weeks.

In the process of integrating these changes in a work project, I also found some areas for improvement in the proposed code scanning interfaces, which I'll also try to incorporate before finalizing the PR.
