Remove unused API v2 endpoints add more spectral rules #1988
Up to standards ✅

🟢 Issues

| Category | Results |
|---|---|
| CodeStyle | 5 minor |

🟢 Metrics: 17 complexity

| Metric | Results |
|---|---|
| Complexity | 17 |

🟢 Coverage: 100.00% diff coverage

| Metric | Results |
|---|---|
| Coverage variation | Report missing for 69f6ea0 [1] |
| Diff coverage | ✅ 100.00% diff coverage (70.00%) |

Coverage variation details

| | Coverable lines | Covered lines | Coverage |
|---|---|---|---|
| Common ancestor commit (69f6ea0) | Report Missing | Report Missing | Report Missing |
| Head commit (8e457cd) | 42637 | 35883 | 84.16% |

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: `<coverage of head commit> - <coverage of common ancestor commit>`

Diff coverage details

| | Coverable lines | Covered lines | Diff coverage |
|---|---|---|---|
| Pull request (#1988) | 25 | 25 | 100.00% |

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: `<covered lines added or modified>/<coverable lines added or modified> * 100%`

[1] Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.
Pull request overview
This PR removes unused API v2 endpoints (/teams, /metrics) and tightens API contract enforcement by adding Spectral rules for operationId naming and method-specific response conventions (status codes + Location headers). It also updates several remaining v2 endpoints and tests to comply with the newly enforced response conventions.
Changes:
- Remove unused v2 Teams and Metrics endpoints (resources, DAOs, OpenAPI paths, and tests).
- Add Spectral rules + a custom `response-conventions` function to enforce operationId prefixes and response/status/header conventions.
- Update v2 endpoints/tests to return 201/202 with `Location` headers where required (e.g., secrets, components, advisories upload, CSAF discovery trigger).
Reviewed changes
Copilot reviewed 39 out of 39 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| apiserver/src/test/java/org/dependencytrack/resources/v2/TeamsResourceTest.java | Removes tests for the deleted v2 Teams endpoints. |
| apiserver/src/test/java/org/dependencytrack/resources/v2/SecretsResourceTest.java | Updates create-secret test expectations to 201 + Location. |
| apiserver/src/test/java/org/dependencytrack/resources/v2/MetricsResourceTest.java | Removes tests for the deleted v2 Metrics endpoints. |
| apiserver/src/test/java/org/dependencytrack/resources/v2/CsafResourceTest.java | Updates discovery-trigger test to assert Location header presence. |
| apiserver/src/test/java/org/dependencytrack/resources/v2/ComponentsResourceTest.java | Updates component creation test to assert Location points to created component. |
| apiserver/src/test/java/org/dependencytrack/resources/v2/AdvisoriesResourceTest.java | Updates advisory upload test to expect 201 + Location. |
| apiserver/src/main/java/org/dependencytrack/resources/v2/TeamsResource.java | Removes the v2 Teams resource implementation. |
| apiserver/src/main/java/org/dependencytrack/resources/v2/SecretsResource.java | Changes create-secret to return 201 Created with Location header. |
| apiserver/src/main/java/org/dependencytrack/resources/v2/MetricsResource.java | Removes the v2 Metrics resource implementation. |
| apiserver/src/main/java/org/dependencytrack/resources/v2/CsafResource.java | Adds Location header to the 202 Accepted response for provider discovery trigger. |
| apiserver/src/main/java/org/dependencytrack/resources/v2/ComponentsResource.java | Includes created component UUID in Location header for 201 response. |
| apiserver/src/main/java/org/dependencytrack/resources/v2/AdvisoriesResource.java | Changes CSAF upload success response to 201 + Location and returns JSON body with created UUID. |
| apiserver/src/main/java/org/dependencytrack/persistence/jdbi/TeamDao.java | Removes DAO supporting deleted Teams endpoints. |
| apiserver/src/main/java/org/dependencytrack/persistence/jdbi/MetricsDao.java | Removes v2-only vulnerability-metrics pagination method/records tied to deleted endpoints. |
| api/src/main/spectral/ruleset.yaml | Adds operationId prefix rules and response convention rules; registers new custom function. |
| api/src/main/spectral/functions/response-conventions.js | Implements method-specific response validation (status codes, Location header rules, PATCH body rule). |
| api/src/main/openapi/paths/teams__name_.yaml | Removes v2 Teams path definition. |
| api/src/main/openapi/paths/teams.yaml | Removes v2 Teams collection path definition. |
| api/src/main/openapi/paths/team-memberships.yaml | Removes v2 Team memberships path definition. |
| api/src/main/openapi/paths/secrets.yaml | Updates create-secret response to 201 + Location header. |
| api/src/main/openapi/paths/projects__uuid__clone.yaml | Adds Location header to 201 clone response. |
| api/src/main/openapi/paths/metrics_vulnerabilities.yaml | Removes v2 vulnerability metrics path definition. |
| api/src/main/openapi/paths/metrics_portfolio_current.yaml | Removes v2 portfolio current metrics path definition. |
| api/src/main/openapi/paths/csaf/providers.yaml | Adds Location header to 201 create-provider response. |
| api/src/main/openapi/paths/csaf/aggregators__id__provider-discovery.yaml | Adds Location header to 202 discovery-trigger response. |
| api/src/main/openapi/paths/csaf/aggregators.yaml | Adds Location header to 201 create-aggregator response. |
| api/src/main/openapi/paths/components.yaml | Adds Location header to 201 create-component response. |
| api/src/main/openapi/paths/advisories.yaml | Changes upload-advisory response from 200 text/plain to 201 + Location + JSON body schema. |
| api/src/main/openapi/openapi.yaml | Removes /metrics and /teams-related path refs from the v2 spec root. |
| api/src/main/openapi/components/schemas/upload-advisory-response.yaml | Redefines upload response schema to a simple object containing the created advisory UUID. |
| api/src/main/openapi/components/schemas/portfolio-metrics-response.yaml | Removes schema tied to deleted metrics endpoint. |
| api/src/main/openapi/components/schemas/list-vulnerability-metrics-response.yaml | Removes schema tied to deleted metrics endpoint. |
| api/src/main/openapi/components/schemas/list-vulnerability-metrics-response-item.yaml | Removes schema tied to deleted metrics endpoint. |
| api/src/main/openapi/components/schemas/list-teams-response-item.yaml | Removes schema tied to deleted teams endpoint. |
| api/src/main/openapi/components/schemas/list-team-memberships-response.yaml | Removes schema tied to deleted teams endpoint. |
| api/src/main/openapi/components/schemas/list-team-memberships-response-item.yaml | Removes schema tied to deleted teams endpoint. |
| api/src/main/openapi/components/schemas/get-team-response.yaml | Removes schema tied to deleted teams endpoint. |
| api/src/main/openapi/components/schemas/create-team-request.yaml | Removes schema tied to deleted teams endpoint. |
| api/src/main/openapi/components/schemas/create-team-membership-request.yaml | Removes schema tied to deleted teams endpoint. |
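As an added illustration of the method-specific response checks summarized in the review above (not the project's `response-conventions.js` and not code from this PR): a function shaped like a Spectral custom function that flags POST operations whose success responses are not 201/202 or do not declare a `Location` header. The exact conventions, the name `checkPostResponses` and the sample path items are assumptions inferred from the summary.

```javascript
// Added example. The conventions enforced here are assumptions inferred from the
// PR summary; this is not a copy of the project's response-conventions.js.
const SUCCESS_WITH_LOCATION = new Set(['201', '202']);

// True if the response object declares a Location header (names are case-insensitive).
function declaresLocation(response) {
  return Object.keys((response && response.headers) || {})
    .some((name) => name.toLowerCase() === 'location');
}

// Shaped like a Spectral custom function: receives one path item and returns a
// list of { message, path } results, empty when the path item conforms.
function checkPostResponses(pathItem, _options, context) {
  const basePath = (context && context.path) || [];
  const results = [];
  const post = pathItem && pathItem.post;
  if (!post || typeof post.responses !== 'object' || post.responses === null) {
    return results; // nothing to check: no POST operation or no responses map
  }
  // Only success (2xx) responses are subject to the convention.
  const success = Object.keys(post.responses).filter((code) => /^2\d\d$/.test(code));
  for (const code of success) {
    const path = [...basePath, 'post', 'responses', code];
    if (!SUCCESS_WITH_LOCATION.has(code)) {
      results.push({ message: `POST should respond 201 or 202, not ${code}`, path });
    } else if (!declaresLocation(post.responses[code])) {
      results.push({ message: `POST ${code} response must declare a Location header`, path });
    }
  }
  return results;
}

// Constructed sample path items (not taken from the project's OpenAPI files).
const SAMPLES = {
  '/widgets': { post: { responses: { 201: { description: 'Created' }, 400: {} } } },
  '/uploads': { post: { responses: { 200: { description: 'OK' } } } },
  '/jobs': { post: { responses: { 202: { headers: { location: { schema: { type: 'string' } } } } } } },
};

// Runs the check over every sample and collects the findings.
function lintSamples() {
  return Object.entries(SAMPLES).flatMap(([route, item]) =>
    checkPostResponses(item, null, { path: ['paths', route] }));
}

console.log(lintSamples().map((r) => `${r.path.join('.')}: ${r.message}`).join('\n'));
```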
* Removes /teams and /metrics endpoints that were added but never put into use. Carrying them forward is a maintenance burden that is unnecessary.
* Adds Spectral rules that enforce guidelines around naming of operations, and response structure. They are not perfect but should catch blunt violations.
* Updates endpoint implementations that violated the enforced rules, e.g. by populating Location headers.

Signed-off-by: nscuro <nscuro@protonmail.com>
2e1e29c to 8e457cd
Description
Removes unused API v2 endpoints add more spectral rules.
Addressed Issue
N/A
Additional Details
N/A
Checklist
- This PR fixes a defect, and I have provided tests to verify that the fix is effective
- This PR implements an enhancement, and I have provided tests to verify that it works as intended
- This PR introduces changes to the database model, and I have updated the migration changelog accordingly
- This PR introduces new or alters existing behavior, and I have updated the documentation accordingly