feat: adding stewardship tables and small fixes (CM-1218) #4191
Open
ulemons wants to merge 3 commits into
Signed-off-by: Umberto Sgueglia <usgueglia@contractor.linuxfoundation.org>
3555909 to
b7f1724
Pull request overview
This PR provisions the initial database schema for OSSPREY Self Serve “stewardship” (v1) and refactors the public Packages API typing + OpenAPI spec to introduce a stewardship surface area (currently backed by mocks).
Changes:
- Add a new packages-db migration creating six stewardship-related tables with indexes/FKs.
- Introduce a single `types.ts` source-of-truth for stewardship/domain types and update mocks/handlers to use it.
- Update the Packages OpenAPI schema to include stewardship fields and adjust the list/batch shapes.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| backend/src/osspckgs/migrations/V1781094067__stewardship-tables.sql | Adds stewardship tables + indexes for v1/v2 rollout. |
| backend/src/api/public/v1/packages/types.ts | Adds centralized TS domain types for packages stewardship API. |
| backend/src/api/public/v1/packages/openapi.yaml | Extends public OpenAPI contract with stewardship fields and tweaks required fields. |
| backend/src/api/public/v1/packages/mockData.ts | Updates mocks to use shared types and adds stewardship to detail mocks. |
| backend/src/api/public/v1/packages/batchGetStewardship.ts | Aligns batch endpoint output with new types and mock detail stewardship status. |
Comments suppressed due to low confidence (1)
backend/src/api/public/v1/packages/openapi.yaml:201
`stewards` is named as a plural but is modeled as a single `Steward` (or null), and the description also says “Single assigned steward”. This is inconsistent for API consumers and future evolution (especially since the DB schema is many-to-many). Either rename the field to singular (`steward`) everywhere, or change the shape to an array (`stewards: Steward[]`) and update the OpenAPI schema + handlers/mocks accordingly.

```yaml
stewards:
  description: Single assigned steward or null.
  oneOf:
    - $ref: '#/components/schemas/Steward'
    - type: 'null'
```
Comment on lines +35 to +38
| openVulns: OpenVulns | null | ||
| stewardship: StewardshipStatus | ||
| stewards: Steward | null | ||
| lastActivityAt: string | null |
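Review bot: `stewards: Steward | null` on the third line gives a plural name to a single nullable value, while the PR summary describes list items as using `stewards` (array). Either type it as `Steward[]` (empty array when unassigned) or keep the singular name `steward`, and make the OpenAPI schema match, so clients do not have to guess whether to iterate.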
Comment on lines +415 to +426
| stewardship: | ||
| type: object | ||
| description: Stewardship state. In v1 always unassigned with no stewards or activity. | ||
| properties: | ||
| status: | ||
| $ref: '#/components/schemas/StewardshipStatus' | ||
| stewards: | ||
| description: Single assigned steward or null. Null in v1. | ||
| oneOf: | ||
| - $ref: '#/components/schemas/Steward' | ||
| - type: 'null' | ||
| lastActivityAt: |
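Review bot: `- type: 'null'` inside the `oneOf` under `stewards` is only valid when the document is declared as OpenAPI 3.1; under 3.0.x a nullable reference needs `nullable: true` instead, so check this against the `openapi:` version at the top of the file. The descriptions also bake release state into the contract ("In v1 always unassigned", "Null in v1"), which goes stale once v2 write flows land; describe the field's meaning and leave rollout state to the changelog.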
joanagmaia
previously approved these changes
Jun 11, 2026
Comment on lines +35 to +38
| openVulns: OpenVulns | null | ||
| stewardship: StewardshipStatus | ||
| stewards: Steward | null | ||
| lastActivityAt: string | null |
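Review bot: `lastActivityAt: string | null` on the last line does not say what the string holds. Add a doc comment stating the timestamp format and timezone the API emits (for example ISO 8601 in UTC), and keep it in step with the `lastActivityAt` property in `openapi.yaml`, so consumers parse it consistently.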
… filter Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Umberto Sgueglia <usgueglia@contractor.linuxfoundation.org>
Comment on lines 136 to 137
| stewardship: | ||
| $ref: '#/components/schemas/StewardshipStatus' |
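Review bot: `stewardship` here is a bare `$ref` to `StewardshipStatus`, but the `stewardship` property added at +415 is an object whose `status` field carries that same enum. One property name with two shapes across schemas invites client bugs; rename this one to something like `stewardshipStatus` or use the object shape in both places. The identical pair at lines 197 to 198 needs the same change.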
Comment on lines 197 to 198
| stewardship: | ||
| $ref: '#/components/schemas/StewardshipStatus' |
Summary
Provisions the six stewardship tables for the OSSPREY Self Serve program (v1) and cleans up the packages API type layer. In v1 only `stewardships` is populated — one `unassigned` row per critical package via the import job. The other five tables are schema-only, empty until v2 write flows land.

Changes
- `V1781094067__stewardship-tables.sql`: creates `stewardships`, `stewardship_stewards`, `stewardship_activity`, `stewardship_assessments`, `stewardship_findings`, `stewardship_remediation_actions` with all indexes and FK constraints. Notable deviations from the original spec: `updated_at` added to `stewardship_assessments` (was missing vs all other mutable tables); optional `assessment_id` FK on `stewardship_findings` to link findings to the assessment that produced them when v2 lands
- `types.ts` (new): single source of truth for domain types — `StewardshipStatus`, `Lifecycle`, `SeverityLevel`, `OpenVulns`, `Steward`, `StewardshipSummary` — previously scattered as inline literals across handler files
- `stewardship` block to `PackageDetail`; renamed `PackageListItem.steward` → `stewards`; added `openVulns` to `StewardshipSummary.required`
- `batchGetStewardship.ts`: reads `stewardship.status` from mock detail instead of hardcoding `'unassigned'`; removed redundant `in` guard on severity accumulator
- `mockData.ts`: all types now reference `types.ts`; stewardship block added to `MockPackageDetail`

Type of change
JIRA ticket
ticket
Note
Medium Risk
New production migration on `packages` FKs affects core OSS package data; public API contract changes (`steward` → `stewards`, new detail shape) may break consumers until coordinated.

Overview
Adds OSSPREY stewardship persistence via migration `V1781094067__stewardship-tables.sql`: six related tables (`stewardships` plus stewards, activity, assessments, findings, remediation actions) with FKs and indexes; v1 is expected to populate only `stewardships` (one `unassigned` row per critical package).

Packages public API is aligned ahead of real DB reads: new shared `types.ts` centralizes stewardship/lifecycle/vuln types; mocks gain a `stewardship` block and list items use `stewards` (array) instead of `steward`. `batchGetStewardship` now returns status/stewards from mock detail (not hardcoded `unassigned`) and simplifies open-vuln counting. `listPackages` `unstewardedOnly` treats both `null` and `unassigned` as unstewarded. OpenAPI documents `PackageDetail.stewardship`, plural `stewards`, and adds `openVulns` to required `StewardshipSummary` fields.

Reviewed by Cursor Bugbot for commit f1421c2.