Merged
72 commits
e978f0b
feat: add OSH scheduler cursor entity and repository for polling stat…
ikrispin Oct 9, 2025
e80c684
feature: add OSH API client with JSON/HTML response parsing, health c…
ikrispin Oct 15, 2025
384acaf
add OshJsonDownloadService for downloading SAST reports from OSH logs…
ikrispin Oct 16, 2025
6a0eb77
extend JobCreationDto to support OSH scan data input
ikrispin Oct 16, 2025
705b69a
add OSH scan support to pipeline parameter mapping with transient JSO…
ikrispin Oct 16, 2025
ea1f4b8
update JobService to handle OSH scan input type and metadata
ikrispin Oct 16, 2025
01a7193
add OshJobCreationService for converting OSH scans to jobs
ikrispin Oct 16, 2025
a607a32
add JobRepository.findByOshScanId() for duplicate detection
ikrispin Oct 16, 2025
50d0a36
add OshSchedulerService for automated OSH scan polling
ikrispin Oct 16, 2025
521f6ad
add unique index on Job.osh_scan_id to prevent duplicates
ikrispin Oct 16, 2025
135e342
add integration tests and configuration for OSH integration
ikrispin Oct 16, 2025
2ca2ac0
add OSH retry mechanism database foundation
ikrispin Oct 19, 2025
80d10df
add OSH retry service layer with two-phase polling (incremental + ret…
ikrispin Oct 19, 2025
7528ea3
add OSH retry observability and admin tooling including REST endpoint…
ikrispin Oct 19, 2025
d93ebb5
add tests for retry logic
ikrispin Oct 19, 2025
fb3a7ed
refactor: improve code quality with specific exception handling, repo…
ikrispin Oct 19, 2025
653dc3e
fix: resolve SonarQube violations for Optional handling, Math.pow cas…
ikrispin Oct 19, 2025
d8338de
fix SonarQube alerts: extract constants, nested try-catch, Math.clamp…
ikrispin Oct 20, 2025
d048ff9
merge with main
ikrispin Oct 20, 2025
79ab5da
minor changes
ikrispin Oct 20, 2025
ba282fb
add package filtering (OSH_PACKAGES) env variable
ikrispin Oct 21, 2025
29e7cd2
optimize retry queue index by removing unused failure_reason column (…
ikrispin Oct 21, 2025
71336ac
minor changes
ikrispin Oct 21, 2025
b0647a3
fix: advance cursor only for CLOSED (finished) scans
ikrispin Oct 21, 2025
2b78851
remove redundant loop
JudeNiroshan Oct 23, 2025
d457ce8
invert if conditions for less cognitive complexity
JudeNiroshan Oct 23, 2025
3439f21
refactor: create dedicated osh service folder
ikrispin Oct 26, 2025
0ae7837
refactor: naming changes
ikrispin Oct 26, 2025
c553176
make retry enabled by default and remove retry flag from configurations
ikrispin Oct 26, 2025
63f765f
refactor: enhance comments and code quality and remove redundant methods
ikrispin Oct 26, 2025
0ac8d32
remove optional from parameters that have default configuration
ikrispin Oct 26, 2025
76673a6
create a single OSH related configuration object
ikrispin Oct 26, 2025
33c9c48
move OshSchedulerService to startup folder and rename it to OshScheduler
ikrispin Oct 26, 2025
765f06a
make inclusivity clear
ikrispin Oct 26, 2025
782f7f5
add local variables to clarify start and end of a polling cycle
ikrispin Oct 26, 2025
0ce3411
Refactor OshScheduler with generic processItems method to eliminate d…
ikrispin Oct 26, 2025
b61c5df
change default so that if no packages are configured, we monitor nothing
ikrispin Oct 26, 2025
0c050e5
refactor OshScheduler to use ProcessingResult.FAILED enum for error h…
ikrispin Oct 26, 2025
10f39de
fix: revert to previous config as Quarkus's @ConfigProperty cannot ha…
ikrispin Oct 27, 2025
b1f628b
refactor(osh): replace JSON download with URL-based approach for work…
ikrispin Oct 27, 2025
e950431
simplified check for empty set
JudeNiroshan Oct 28, 2025
2bfffc1
use while loop for better readability
JudeNiroshan Oct 28, 2025
30b0e8b
rename method
JudeNiroshan Oct 28, 2025
d6cf5d7
consistent return types in both parsing methods
JudeNiroshan Oct 28, 2025
7869e08
remove unnecessary record definition
JudeNiroshan Oct 28, 2025
1f44c23
remove unnecessary method parameter
JudeNiroshan Oct 28, 2025
b8e9abb
simplified single scan flow
JudeNiroshan Oct 28, 2025
6f8a5e4
remove redundant method
JudeNiroshan Oct 28, 2025
8a9b29e
fix: use createJob() instead of createJobEntity() to actually trigger…
ikrispin Oct 29, 2025
8f3fc67
align test behavior with actual implementation
ikrispin Oct 29, 2025
0bd71d2
remove unnecessary unit test class
JudeNiroshan Oct 29, 2025
0f610b0
add missing custom TestProfile
JudeNiroshan Oct 29, 2025
5660201
fix: add missing application.properties file from test folder
ikrispin Oct 29, 2025
6daca8d
convert to unit test
JudeNiroshan Oct 29, 2025
609d4fc
Merge remote-tracking branch 'origin/feature/osh-integration' into fe…
JudeNiroshan Oct 29, 2025
863124a
fix: remove incorrect syntax
ikrispin Oct 29, 2025
514e9a3
remove unnecessary tests and simplified code
JudeNiroshan Oct 29, 2025
fb9d87b
refactor: add skip logic to prevent failed automated review on PRs wi…
ikrispin Oct 29, 2025
e7b1808
convert into unit test
JudeNiroshan Oct 29, 2025
e440591
Merge remote-tracking branch 'origin/feature/osh-integration' into fe…
JudeNiroshan Oct 30, 2025
4262f4d
removed unnecessary test cases
JudeNiroshan Oct 30, 2025
04670e0
fix failed test cases
JudeNiroshan Oct 30, 2025
394b206
fix: clear persistence context in retry test to force fresh DB reads …
ikrispin Oct 30, 2025
805f3fc
refactor: OshRetryServiceIT test cases and adjust getConfigurationSum…
ikrispin Oct 30, 2025
8373a66
change enum types names
ikrispin Oct 30, 2025
2f1e7c1
refactor: OshJobCreationServiceTest test cases
ikrispin Oct 30, 2025
d0836ee
refactor: OshConfigurationTest test cases
ikrispin Oct 30, 2025
21dadfe
change unlimited retries key from 0 to -1 to allow no retry attempts …
ikrispin Oct 30, 2025
ddd8788
remove unnecessary comments
JudeNiroshan Nov 3, 2025
6773ff7
use try-with-resources
JudeNiroshan Nov 3, 2025
f7c21c0
refactor and rename methods for better readability
JudeNiroshan Nov 3, 2025
9e48e6e
fix: adjust tests to new OshScheduler.classifyFailure() logic
ikrispin Nov 3, 2025
27 changes: 26 additions & 1 deletion .github/workflows/ai-code-review.yml
Expand Up @@ -24,21 +24,46 @@ jobs:
git fetch origin "${{ env.PULL_REQUEST_BASE_REF }}"
git checkout "${{ env.PULL_REQUEST_HEAD_REF }}"
git diff "origin/${{ env.PULL_REQUEST_BASE_REF }}" > "diff.txt"

# Check diff size to avoid "Argument list too long" error
DIFF_SIZE=$(wc -c < "diff.txt")
MAX_DIFF_SIZE=100000 # 100KB limit for GitHub Actions output variables

if [ "$DIFF_SIZE" -gt "$MAX_DIFF_SIZE" ]; then
echo "skip_review=true" >> $GITHUB_OUTPUT
echo "Diff size ($DIFF_SIZE bytes) exceeds maximum ($MAX_DIFF_SIZE bytes). Skipping AI review for large PR."
exit 0
fi

echo "skip_review=false" >> $GITHUB_OUTPUT
{
echo "pull_request_diff<<EOF";
cat "diff.txt";
echo 'EOF';
} >> $GITHUB_OUTPUT
- name: "Comment on skipped review"
if: steps.get_diff.outputs.skip_review == 'true'
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '**AI Code Review Skipped**: This PR is too large for automated review (diff size exceeds 100KB).'
})
- uses: rubensflinco/[email protected]
name: "Code Review by Gemini AI"
id: review
if: steps.get_diff.outputs.skip_review != 'true'
with:
gemini_api_key: ${{ secrets.GEMINI_API_KEY }}
github_token: ${{ secrets.GITHUB_TOKEN }}
github_repository: ${{ github.repository }}
github_pull_request_number: ${{ github.event.pull_request.number }}
git_commit_hash: ${{ github.event.pull_request.head.sha }}
model: "gemini-2.0-flash"
model: "gemini-2.5-flash"
pull_request_diff: |-
${{ steps.get_diff.outputs.pull_request_diff }}
pull_request_chunk_size: "3500"
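Review bot: The unchanged `git fetch` / `git checkout` / `git diff` lines at the top of this hunk expand `${{ env.PULL_REQUEST_BASE_REF }}` and `${{ env.PULL_REQUEST_HEAD_REF }}` into the script text before the shell runs, so the double quotes around them do not protect the step if a ref name contains shell metacharacters; since this step is being edited anyway, read them as shell variables instead, e.g. `git checkout "$PULL_REQUEST_HEAD_REF"`. In the added lines, quote the redirect target (`>> "$GITHUB_OUTPUT"`), and build the "exceeds 100KB" text of the skip comment from `MAX_DIFF_SIZE` (for example via a step output) so the message cannot drift from the check.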
6 changes: 6 additions & 0 deletions deploy/sast-ai-chart/values.yaml
Expand Up @@ -29,6 +29,8 @@ app:
SAST_AI_WORKFLOW_NAMESPACE: sast-ai
# Google Service Account configuration
GOOGLE_SERVICE_ACCOUNT_SECRET_PATH: /etc/secrets/google-service-account-secret/service_account.json
# OSH Package filtering configuration
OSH_PACKAGES: "systemd,glibc"

# Resource limits and requests
resources:
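Review bot: `OSH_PACKAGES: "systemd,glibc"` under `app` puts one deployment's package list into the chart defaults, so every install that does not override it starts polling those two packages. Commit b61c5df in this PR makes an empty configuration monitor nothing; shipping `OSH_PACKAGES: ""` here and setting the real list in the environment-specific values file would keep that safe default for chart users as well.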
Expand Down Expand Up @@ -210,6 +212,10 @@ configMap:
# Logging configuration
quarkus.log.category."org.jboss.logging".level=${QUARKUS_LOG_LEVEL}

# Package filtering - comma-separated list of packages to monitor
# Example: systemd,glibc
osh.packages=${OSH_PACKAGES:}

## Horizontal Pod Autoscaler
hpa:
enabled: false
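Review bot: The comment above `osh.packages=${OSH_PACKAGES:}` gives the format but not what the empty default after the colon means. State in the comment that an unset or empty value monitors no packages (the behaviour introduced in commit b61c5df), and whether whitespace around the commas is tolerated, so an operator reading the ConfigMap does not have to look it up in the code.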
13 changes: 13 additions & 0 deletions pom.xml
Expand Up @@ -61,6 +61,10 @@
<groupId>io.quarkus</groupId>
<artifactId>quarkus-hibernate-orm</artifactId>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-scheduler</artifactId>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-flyway</artifactId>
Expand Down Expand Up @@ -97,6 +101,10 @@
<groupId>io.quarkus</groupId>
<artifactId>quarkus-hibernate-validator</artifactId>
</dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-smallrye-health</artifactId>
</dependency>
<!-- Google Sheets API dependencies -->
<dependency>
<groupId>com.google.apis</groupId>
Expand Down Expand Up @@ -154,6 +162,11 @@
<artifactId>quarkus-jacoco</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.jsoup</groupId>
<artifactId>jsoup</artifactId>
<version>1.18.3</version>
</dependency>
</dependencies>

<build>
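Review bot: The `org.jsoup:jsoup` dependency at the end of this hunk hardcodes `<version>1.18.3</version>` inline and sits directly after the test-scoped `quarkus-jacoco` entry, although it carries no `<scope>` and is therefore a compile-scope dependency. Move it up with the other runtime dependencies and lift the version into a `<properties>` entry (for example `jsoup.version`), so the HTML parser, which presumably handles the OSH HTML responses from commit e80c684, is easy to find and bump when a fix is released.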