Serialize webhook's release payload published_at property as a string #5966

coverbeck · 2024-08-09T17:10:49Z

Description
Ran into this when trying to redeliver events in dockstore-support.

The GitHub JSON payload has a published_at field with a date in string form, e.g., 2024-07-23T21:30:12Z
But for the OpenAPI, copying code where we handle Timestamps elsewhere, I specified the type as a long (int64).

In dockstore-support, when trying to read in a raw GitHub event we'd stored in s3 into an OpenAPI generated Java class, it would fail, because the OpenAPI generated code expected a long, but got a string.

So serialize published_at as a string, so the type of the field is the same both when coming from GitHub and when being invoked with the OpenAPI.

Next problem I ran into was into is that the OpenAPI client code serializes the date with milliseconds, e.g., 2024-07-23T21:30:12.123Z, whereas the GitHub payload does not have milliseconds. The default Jackson deserializer cannot handle both cases, so I had to write a custom deserializer.

Review Instructions
Verify that in https://qa.dockstore.org/api/static/swagger-ui/index.html#/workflows/handleGitHubTaggedRelease, the schema for ReleasePayload|WebHookRelease|published_at is a string.

Issue
SEAB-6466

Security and Privacy

If there are any concerns that require extra attention from the security team, highlight them here and check the box when complete.

Security and Privacy assessed

e.g. Does this change...

Any user data we collect, or data location?
Access control, authentication or authorization?
Encryption features?

Please make sure that you've checked the following before submitting your pull request. Thanks!

Check that you pass the basic style checks and unit tests by running mvn clean install
Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
Do not serve user-uploaded binary images through the Dockstore API
Ensure that endpoints that only allow privileged access enforce that with the @RolesAllowed annotation
Do not create cookies, although this may change in the future
If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.

way if need to forward.

codecov · 2024-08-09T17:12:07Z

Codecov Report

Attention: Patch coverage is 77.77778% with 2 lines in your changes missing coverage. Please review.

Project coverage is 74.20%. Comparing base (ee8503a) to head (b98152e).

Files	Patch %	Lines
...tore/webservice/helpers/TimestampDeserializer.java	77.77%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             develop    #5966   +/-   ##
==========================================
  Coverage      74.20%   74.20%           
- Complexity      5399     5402    +3     
==========================================
  Files            378      379    +1     
  Lines          19568    19577    +9     
  Branches        2036     2037    +1     
==========================================
+ Hits           14520    14527    +7     
- Misses          4072     4073    +1     
- Partials         976      977    +1

Flag	Coverage Δ
bitbuckettests	`26.82% <0.00%> (-0.02%)`	⬇️
hoverflytests	`27.47% <0.00%> (-0.02%)`	⬇️
integrationtests	`56.87% <77.77%> (+<0.01%)`	⬆️
languageparsingtests	`11.05% <0.00%> (-0.01%)`	⬇️
localstacktests	`21.53% <0.00%> (-0.01%)`	⬇️
toolintegrationtests	`30.20% <0.00%> (-0.02%)`	⬇️
unit-tests_and_non-confidential-tests	`25.84% <0.00%> (-0.02%)`	⬇️
workflowintegrationtests	`38.23% <0.00%> (-0.02%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

coverbeck · 2024-08-09T17:49:52Z

...store-integration-testing/src/test/java/io/dockstore/webservice/helpers/GitHubAppHelper.java

@@ -104,7 +104,7 @@ public static void handleGitHubBranchDeletion(WorkflowsApi workflowsApi, String
     */
    public static void handleGitHubTaggedRelease(WorkflowsApi workflowsApi, String repository, String tagName, Date date, String username) {
        final ReleasePayload 
8000
releasePayload = new ReleasePayload();
-        releasePayload.setRelease(new WebhookRelease().tagName(tagName).publishedAt(date.getTime()));
+        releasePayload.setRelease(new WebhookRelease().tagName(tagName).publishedAt(date));


Changed this because before it was a long in the generated code.

svonworl

No need to change, but do you think it would be easy to tweak Jackson so that, by default, it would serialize/deserialize Timestamps using the desired patterns/code? Per RFC 3339, fractional seconds are allowed, which probably is why the generated OpenAPI code includes them:
https://datatracker.ietf.org/doc/html/rfc3339#section-5.6

coverbeck · 2024-08-09T23:44:58Z

No need to change, but do you think it would be easy to tweak Jackson so that, by default, it would serialize/deserialize Timestamps using the desired patterns/code? Per RFC 3339, fractional seconds are allowed, which probably is why the generated OpenAPI code includes them: https://datatracker.ietf.org/doc/html/rfc3339#section-5.6

Yes, they're allowed. It looks like Gary had tried to change it globally but commented it out for some reason.

We'd have to do something like the 3rd answer (the first 2 answers, including the accepted one, didn't work!).

I preferred, to keep the fix localized in case it broke something by changing it globally. Plus we're already passing around Timestamps as longs elsewhere, and we shouldn't change those (it'll break the CLI).

published_at is a string from GitHub, keep it that

b98152e

way if need to forward.

coverbeck self-assigned this Aug 9, 2024

coverbeck commented Aug 9, 2024

View reviewed changes

coverbeck requested review from denis-yuen, david4096, kathy-t and svonworl August 9, 2024 17:50

denis-yuen approved these changes Aug 9, 2024

View reviewed changes

svonworl approved these changes Aug 9, 2024

View reviewed changes

kathy-t approved these changes Aug 12, 2024

View reviewed changes

david4096 approved these changes Aug 13, 2024

View reviewed changes

coverbeck merged commit d9e6647 into develop Aug 13, 2024
21 checks passed

coverbeck deleted the feature/seab-6466/serialize branch August 13, 2024 20:23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Serialize webhook's release payload published_at property as a string #5966

Serialize webhook's release payload published_at property as a string #5966

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Serialize webhook's release payload published_at property as a string #5966

Serialize webhook's release payload published_at property as a string #5966

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!