Only fetch non-default branch feedback

We only want to update feedback for non-default branch feedback with this migration. (Default branch feedback will be updated in an earlier migration.) Directly checking if the related pipeline is on the default branch is too difficult without using Gitaly related classes, and we try to avoid using Gitlab classes that might change in migrations. Therefore, I'm using the existence of occurrences related to the pipeline as an indicator of the pipeline having run for the default branch. (At the moment, we only create occurrences for pipelines on the default branch.)

Only fetch non-default branch feedback
We only want to update feedback for non-default branch feedback with this migration. (Default branch feedback will be updated in an earlier migration.) Directly checking if the related pipeline is on the default branch is too difficult without using Gitaly related classes, and we try to avoid using Gitlab classes that might change in migrations. Therefore, I'm using the existence of occurrences related to the pipeline as an indicator of the pipeline having run for the default branch. (At the moment, we only create occurrences for pipelines on the default branch.)
35ba9576 · Avielle Wolfe · 86a55e50 · 35ba9576 · 35ba9576
2 changed file
--- a/db/post_migrate/20190827193201_update_fingerprints_on_non_default_branch_feedback.rb
+++ b/db/post_migrate/20190827193201_update_fingerprints_on_non_default_branch_feedback.rb
@@ -12,7 +12,7 @@ class UpdateFingerprintsOnNonDefaultBranchFeedback < ActiveRecord::Migration[5.2
  disable_ddl_transaction!

  def up
-    Feedback.all.each do |feedback|
+    Feedback.where_might_need_update.each do |feedback|
      artifact = feedback.pipeline.report_for_feedback(feedback)
      report = JSON.parse(artifact.file.read)

@@ -53,11 +53,25 @@ class UpdateFingerprintsOnNonDefaultBranchFeedback < ActiveRecord::Migration[5.2
  end
  private_constant :Build

+  class Occurrence < ActiveRecord::Base
+    self.table_name = 'vulnerability_occurrences'
+  end
+  private_constant :Occurrence
+
+  class OccurrencePipeline < ActiveRecord::Base
+    self.table_name = 'vulnerability_occurrence_pipelines'
+
+    belongs_to :occurrence
+  end
+  private_constant :OccurrencePipeline
+
  class Pipeline < ActiveRecord::Base
    self.table_name = 'ci_pipelines'

    has_many :builds, foreign_key: :commit_id
    has_many :artifacts, through: :builds
+    has_many :occurrence_pipelines
+    has_many :occurrences, through: :occurrence_pipelines

    def report_for_feedback(feedback)
      report_type = if feedback.dependency_scanning?
@@ -75,8 +89,16 @@ class UpdateFingerprintsOnNonDefaultBranchFeedback < ActiveRecord::Migration[5.2
    self.table_name = 'vulnerability_feedback'

    belongs_to :pipeline
+    has_many :occurrences, through: :pipeline

    enum category: { dependency_scanning: 1, container_scanning: 2 }
+
+    # Feedback that might need update are feedback on vulnerabilities reported
+    # by container scanning or dependency scanning jobs run on any branch except
+    # the default branch
+    def self.where_might_need_update
+      left_outer_joins(:occurrences).where('vulnerability_occurrences IS NULL')
+    end
  end
  private_constant :Feedback


--- a/spec/migrations/update_fingerprints_on_non_default_branch_feedback_spec.rb
+++ b/spec/migrations/update_fingerprints_on_non_default_branch_feedback_spec.rb
@@ -83,7 +83,7 @@ describe UpdateFingerprintsOnNonDefaultBranchFeedback, :migration do
  end

  def create_artifact(file_type:, report:)
-    job = jobs.create(commit_id: pipeline.id, retried: false)
+    job = jobs.create(commit_id: pipeline.id)

    Artifact.create(
      file: report,