SEAB-6803: Implement "versions needing a retroactive DOI" endpoint #6086

svonworl · 2025-03-14T22:30:20Z

Description
This PR adds a new admin/curator-only endpoint to the webservice that returns a list of versions in need of a retroactive automatic DOI. An external script will query this endpoint periodically, and use another endpoint to create a DOI for each version, to gradually/incrementally create auto DOIs for versions that:

haven't been updated since we released the auto DOI functionality.
are authorless and didn't previously qualify for a DOI (we are enabling DOIs for authorless versions, going forward).

The endpoint returns a specified number (default 100) of versions that are "most eligible" for an automatic DOI. In the response, each version is paired with its parent workflow, so that the script doesn't have to look it up.

The endpoint determines the list of "most eligible" versions by:

determining the list of the workflows that are "eligible" for at least one automatic DOI, meaning that the workflow is published, hasn't opted out of auto DOI generation, and has at least one version that meets the requirements for an auto DOI (tagged, valid, etc) and currently has zero DOIs.
eliminating the workflows with versions that have GitHub or manual DOIs (under the assumption that the author is managing their DOIs already, or that "automatic" generation is already set up, and we should focus our effort elsewhere).
selecting the N "most eligible" workflows (those with the lowest DOI counts) from the list.
for each "most eligible" workflow, determining the version that is "most eligible" for an auto DOI, where eligibility means whether it is the default version, has metrics, or was modified more recently.

The first three steps use the results of HQL queries that return workflow IDs, rather than iterating in Java code through the Hibernate entities corresponding to all workflows and versions, because the latter would take a very long time.

The implementation is very Streamey, Charles would be proud.

This endpoint is relatively hard to automatically test, given our design and architecture. Given that the functionality isn't critical, I suggest we user test via the generation script, after it's deployed to qa.

Review Instructions
Hit the endpoint, inspect the results, and confirm that they appear to be reasonable:

versions are tagged, valid, not hidden, and don't have a doi.
workflows are published, don't have many dois, and have not opted out of automatic DOI creation.

Issue
https://ucsc-cgl.atlassian.net/browse/SEAB-6803

Security and Privacy

We are creating a new endpoint that returns information from the database.

Security and Privacy assessed

e.g. Does this change...

Any user data we collect, or data location?
Access control, authentication or authorization?
Encryption features?

Please make sure that you've checked the following before submitting your pull request. Thanks!

Check that you pass the basic style checks and unit tests by running mvn clean install
Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
Do not serve user-uploaded binary images through the Dockstore API
Ensure that endpoints that only allow privileged access enforce that with the @RolesAllowed annotation
Do not create cookies, although this may change in the future
If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.

codecov · 2025-03-14T22:30:38Z

Codecov Report

Attention: Patch coverage is 0% with 47 lines in your changes missing coverage. Please review.

Project coverage is 74.27%. Comparing base (9ca6e75) to head (216b619).
Report is 3 commits behind head on develop.

Files with missing lines	Patch %	Lines
...ckstore/webservice/resources/WorkflowResource.java	0.00%	37 Missing ⚠️
...java/io/dockstore/webservice/jdbi/WorkflowDAO.java	0.00%	7 Missing ⚠️
...e/webservice/core/database/WorkflowAndVersion.java	0.00%	1 Missing ⚠️
...re/webservice/core/database/WorkflowIdToCount.java	0.00%	1 Missing ⚠️
.../dockstore/webservice/jdbi/WorkflowVersionDAO.java	0.00%	1 Missing ⚠️

Additional details and impacted files

@@              Coverage Diff              @@
##             develop    #6086      +/-   ##
=============================================
- Coverage      74.45%   74.27%   -0.18%     
  Complexity      5639     5639              
=============================================
  Files            386      388       +2     
  Lines          20231    20278      +47     
  Branches        2088     2093       +5     
=============================================
  Hits           15062    15062              
- Misses          4170     4217      +47     
  Partials         999      999

Flag	Coverage Δ
bitbuckettests	`26.06% <0.00%> (-0.08%)`	⬇️
hoverflytests	`27.66% <0.00%> (-0.07%)`	⬇️
integrationtests	`55.86% <0.00%> (-0.13%)`	⬇️
languageparsingtests	`10.82% <0.00%> (-0.03%)`	⬇️
localstacktests	`21.33% <0.00%> (-0.05%)`	⬇️
toolintegrationtests	`29.93% <0.00%> (-0.07%)`	⬇️
unit-tests_and_non-confidential-tests	`26.31% <0.00%> (-0.07%)`	⬇️
workflowintegrationtests	`37.57% <0.00%> (-0.09%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

denis-yuen · 2025-03-17T14:14:59Z

dockstore-webservice/src/main/java/io/dockstore/webservice/resources/WorkflowResource.java

+        Set<Long> eligibleWorkflowIds = workflowDAO.getWorkflowIdsEligibleForRetroactiveDoi();
+        Set<Long> gitHubDoiWorkflowIds = workflowDAO.getWorkflowIdsWithGitHubDoi();
+
+        // Determine the workflows "most eligible" for a DOI, which are the workflows that don't have a GitHub DOI


question: should we rule out workflows with a user generated DOI as well as those that were issued more directly on GitHub?

Don't feel super-strongly about this, but the rationale for generating retroactive DOIs for workflows with manual DOIs:

there's no "automatic" DOI scheme already in place (unlike a GitHub DOI setup).

the typical workflow with a manual DOI probably only has a handful (one, for most workflows), so we'd be "filling in the gaps" (if we decide to generate enough retroactive DOIs to get to the workflow).

If a workflow does have lots of manual DOIs, it'll be deprioritized by the endpoint anyways.

I feel somewhat strongly that if a user has went to the trouble of linking their accounts, persisting through to manual DOIs, maybe they do want to handle/control the process.
i.e. maybe that "one" DOI they generated is really the one they want people to focus on

In other words, I was a bit surprised because this PR rules out direct GitHub but not manual DOIs whereas I would have kinda ruled out manual DOIs but less sure about direct GitHub.

Per our slack convo https://ucsc-gi.slack.com/archives/C05EZH3RVNY/p1742244954907069, I changed the endpoint to exclude workflows that have at least one GitHub OR manual DOI.

kathy-t

was here, approach looks good but will wait for the implementation of excluding workflows with manual DOIs

sonarqubecloud · 2025-03-17T23:32:09Z

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

svonworl added 9 commits March 11, 2025 20:55

lay some foundations

22a03fc

checkpoint

07d1156

change query structure and adjust algorithm

4f8a88d

checkpoint

be159d9

refactor, remove cruft

aaf663d

fix names

3d2bb9e

rename and improve data structures

e8ddb79

rename
8000

747ce25

add comments, limit

a334c1c

svonworl requested review from denis-yuen, hyunnaye and kathy-t March 14, 2025 22:36

denis-yuen assigned svonworl Mar 17, 2025

denis-yuen reviewed Mar 17, 2025

View reviewed changes

kathy-t reviewed Mar 17, 2025

View reviewed changes

exclude workflows with manual dois, also

216b619

svonworl requested review from denis-yuen and kathy-t March 17, 2025 23:02

denis-yuen approved these changes Mar 18, 2025

View reviewed changes

kathy-t approved these changes Mar 18, 2025

View reviewed changes

svonworl merged commit 6265080 into develop Mar 18, 2025
21 of 24 checks passed

svonworl deleted the feature/seab-6803/versions-that-need-dois-endpoint branch March 18, 2025 18:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SEAB-6803: Implement "versions needing a retroactive DOI" endpoint #6086

SEAB-6803: Implement "versions needing a retroactive DOI" endpoint #6086

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

SEAB-6803: Implement "versions needing a retroactive DOI" endpoint #6086

SEAB-6803: Implement "versions needing a retroactive DOI" endpoint #6086

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Quality Gate failed

Uh oh!

Uh oh!

Uh oh!