Thanks to visit codestin.com
Credit goes to github.com

Skip to content

SEAB-7285: Make "missing dockstore.yml" user notifications happen less #6168

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
svonworl merged 17 commits into from
Sep 26, 2025
Merged

SEAB-7285: Make "missing dockstore.yml" user notifications happen less #6168

svonworl merged 17 commits into from
Sep 26, 2025

Conversation

@svonworl
Copy link
Contributor

@svonworl svonworl commented Sep 24, 2025
edited
Loading

Description
This PR changes the webservice so that it:

  • issues at most one "missing dockstore.yml" notification per github repository + user pair, ever.
  • does not issue a "missing dockstore.yml" notification if there are registered .dockstore.yml-based entries corresponding to the github repository, indicating that there must be a .dockstore.yml on one of the branches.
  • hides a "missing dockstore.yml" notification when a .dockstore.yml is detected on a branch in the repository.

To accomplish the above, we add a hidden field to the UserNotification entity. When a user notification is hidden, it is no longer visible to the user, but remains in the database, so the push processing code can find it and prevent additional notifications from being created.

There was a bit of redundant stuff in the notification DAOs that has been deleted.

Testing has been added. Note that the references in the previous tests were broken, meaning that we were testing the failure of the endpoints/methods, rather than what we thought. This has been fixed.

I would prefer that all types of notifications had an expiration date (currently, public notifications can be) and could be hidden (after this pr, user notifications can be), but that's an uncomfortably large change for a hotfix.

Review Instructions
On staging, install our Github app on a repository that contains a WDL but no .dockstore.yml, and confirm that the notification is created. Delete the notification in the UI, and then add a file to the repo, and push again. Confirm that no notification is created.

Issue
https://ucsc-cgl.atlassian.net/browse/SEAB-7285
https://ucsc-cgl.atlassian.net/browse/SEAB-7287

Security and Privacy

If there are any concerns that require extra attention from the security team, highlight them here and check the box when complete.

  • Security and Privacy assessed

e.g. Does this change...

  • Any user data we collect, or data location?
  • Access control, authentication or authorization?
  • Encryption features?

Please make sure that you've checked the following before submitting your pull request. Thanks!

  • Check that you pass the basic style checks and unit tests by running mvn clean install
  • Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
  • Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
  • If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
  • Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
  • Do not serve user-uploaded binary images through the Dockstore API
  • Ensure that endpoints that only allow privileged access enforce that with the @RolesAllowed annotation
  • Do not create cookies, although this may change in the future
  • If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.

@svonworl svonworl self-assigned this Sep 24, 2025
@codecov
Copy link

codecov bot commented Sep 24, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 82.50000% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 74.07%. Comparing base (fbe2ee5) to head (14a8812).
⚠️ Report is 1 commits behind head on hotfix/1.18.1.

Files with missing lines Patch % Lines
...webservice/resources/AbstractWorkflowResource.java 80.00% 2 Missing and 2 partials ⚠️
...ore/webservice/resources/NotificationResource.java 66.66% 1 Missing and 1 partial ⚠️
...tore/webservice/jdbi/GitHubAppNotificationDAO.java 75.00% 1 Missing ⚠️
Additional details and impacted files 
@@                 Coverage Diff                 @@
##             hotfix/1.18.1    #6168      +/-   ##
===================================================
+ Coverage            74.02%   74.07%   +0.04%     
- Complexity            5712     5724      +12     
===================================================
  Files                  397      397              
  Lines                20543    20571      +28     
  Branches              2112     2116       +4     
===================================================
+ Hits                 15207    15238      +31     
+ Misses                4332     4326       -6     
- Partials              1004     1007       +3
Flag Coverage Δ
bitbuckettests 25.83% <2.50%> (-0.04%) ⬇️
hoverflytests 27.43% <20.00%> (+<0.01%) ⬆️
integrationtests 56.02% <42.50%> (-0.09%) ⬇️
languageparsingtests 10.79% <2.50%> (-0.01%) ⬇️
localstacktests 21.19% <2.50%> (-0.03%) ⬇️
toolintegrationtests 29.76% <2.50%> (-0.04%) ⬇️
unit-tests_and_non-confidential-tests 26.10% <2.50%> (-0.04%) ⬇️
workflowintegrationtests 39.51% <82.50%> (+0.65%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@svonworl svonworl requested a review from denis-yuen September 24, 2025 05:25
@denis-yuen
Copy link
Member

denis-yuen commented Sep 24, 2025

  • issues at most one "missing dockstore.yml" notification per github repository, ever.
  • does not issue a "missing dockstore.yml" notification if there are registered .dockstore.yml-based entries corresponding to the github repository, indicating that there must be a .dockstore.yml on one of the branches.

Thought to ponder, should these be user-spaced?

For example, recently we saw users requiring assistance from an admin to configure our app. The admin installs the app, triggers the notification to their account. The original user starts back up, doesn't see the notification for the admin, doesn't see their own notification.

Alternatively, job turn-over, multiple staff on a team, the heuristic that the first user to interact with us gets a notification is decent, but GitHub itself doesn't work that way for example (i.e. we all get a notification stuff happens usually, unless we've configured it differently)

@svonworl
Copy link
Contributor Author

svonworl commented Sep 24, 2025

  • issues at most one "missing dockstore.yml" notification per github repository, ever.
  • does not issue a "missing dockstore.yml" notification if there are registered .dockstore.yml-based entries corresponding to the github repository, indicating that there must be a .dockstore.yml on one of the branches.

Thought to ponder, should these be user-spaced?

For example, recently we saw users requiring assistance from an admin to configure our app. The admin installs the app, triggers the notification to their account. The original user starts back up, doesn't see the notification for the admin, doesn't see their own notification.

Alternatively, job turn-over, multiple staff on a team, the heuristic that the first user to interact with us gets a notification is decent, but GitHub itself doesn't work that way for example (i.e. we all get a notification stuff happens usually, unless we've configured it differently)

Might make sense to issue multiple notifications, one per user, etc, as above. There's some subtle failure modes that we'd need to ponder.

However, given that this is a hotfix, would prefer to stick with the simpler solution, which works good enough for now.

@svonworl svonworl requested a review from denis-yuen September 24, 2025 16:03
denis-yuen
denis-yuen reviewed Sep 25, 2025
View reviewed changes
Copy link
Member

@denis-yuen denis-yuen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unsure about cases, will discuss on devs

@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 26, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
86.5% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@svonworl
Copy link
Contributor Author

svonworl commented Sep 26, 2025
edited
Loading

unsure about cases, will discuss on devs

Per the discussion on devs, I modified the notification generation code so that it now considers the user when determining if a notification has already been issued. That is, the "needs a .dockstore.yml" notification will now be issued at most once for each user/repository pair, allowing multiple different users to be sent a notification for a given repository. This will gracefully handle the scenario wherein an admin installs the GitHub app on a .dockstore.yml-less repo, and then a different user pushes to the repo. A notification will be issued to each user, one at the time of the install, and the other at the time of the push.

@svonworl svonworl requested a review from denis-yuen September 26, 2025 03:02
denis-yuen
denis-yuen approved these changes Sep 26, 2025
View reviewed changes
dockstore-webservice/src/main/java/io/dockstore/webservice/core/UserNotification.java
@Schema(description = "The recommended action for the repository", requiredMode = RequiredMode.REQUIRED)
private Action action;

@Column(nullable = false)
Copy link
Member

@denis-yuen denis-yuen Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No changes needed, but looking through the various migration guides (6.0 -> 6.1, 6.1->6.2, through 6.6) Hibernate added soft delete
https://docs.jboss.org/hibernate/orm/6.4/userguide/html_single/Hibernate_User_Guide.html#soft-delete

Could be tried later to standardize things when the upgrade is worked out.

@denis-yuen
Copy link
Member

denis-yuen commented Sep 26, 2025

Per the discussion on devs, I modified the notification generation code so that it now considers the user when determining if a notification has already been issued.

Sweet!

@svonworl svonworl merged commit a9b6637 into hotfix/1.18.1 Sep 26, 2025
22 of 24 checks passed
@svonworl svonworl deleted the feature/seab-7285/make-dockstore-yml-notifications-happen-less branch September 26, 2025 16:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@denis-yuen denis-yuen denis-yuen approved these changes

Assignees

@svonworl svonworl

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@svonworl @denis-yuen