test(analysis): add tests for evolving the state over time

[ctron]

Assisted-by: Cursor

Summary by Sourcery

Add temporal analysis tests and shared helpers for constructing test document paths and escaped query parameters.

Enhancements:

• Introduce a generic Join helper trait to build collections of document paths from a base prefix and filenames.
• Relax test-context ingest_documents to accept any AsRef path-like items instead of string slices.
• Add an escape_q helper to safely escape values for use in q query parameters.

Tests:

• Refactor existing analysis endpoint tests to use the new Join helper when ingesting multiple CycloneDX documents.
• Add temporal analysis tests that verify how container search results evolve as older and newer datasets are ingested, including latest and purl/CPE search scenarios.

[sourcery-ai]

Reviewer's Guide

This PR adds a temporal test suite for how latest-filter analysis results evolve over time, introduces test utilities for building path iterators and escaping query parameters, generalizes the document ingestion helper to accept any AsRef, and refactors existing tests to use the new Join-based path construction instead of hard-coded string slices.

File-Level Changes

Change	Details	Files
Introduce temporal tests for evolving latest-filter state and behavior over time.	Add modules/analysis/src/endpoints/tests/temporal.rs with helper iterators for older, newer, and combined CNV container datasets Define multiple rstest cases that ingest different temporal datasets (older, all) and assert expected totals for CPE and purl-based queries, with and without the latest flag Use the new escape_q helper to safely construct purl-based query strings in tests	modules/analysis/src/endpoints/tests/temporal.rs
Add reusable test utilities for joining path prefixes with file names and escaping query parameters.	Add escape_q function to escape backslashes, ampersands, and equals signs for use in q parameters Introduce a Join trait with join and chain helpers to map a base prefix plus iterator of Display items into an iterator of full paths, including an implementation for all Display types Re-export/use these helpers in tests via crate::test::{Join, caller, escape_q}	modules/analysis/src/test.rs
Generalize test-context document ingestion and refactor tests to use Join-based path construction.	Change ingest_documents to accept IntoIterator<Item = impl AsRef> and call as_ref() internally, allowing iterators of owned Strings Refactor multiple endpoint tests to replace hard-coded string arrays with Join-based iterators that combine directory prefixes and file names Apply this refactor across latest_filters, rh_variant, and TC-* test cases to reduce duplication and align with the new temporal tests	test-context/src/lib.rs modules/analysis/src/endpoints/tests/latest_filters.rs modules/analysis/src/endpoints/tests/rh_variant.rs modules/analysis/src/endpoints/tests/mod.rs

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• The new Join trait’s chain method name is very close to Iterator::chain but has different semantics and is implemented for all Display; consider using a more specific name and/or a narrower impl to avoid confusion and unintended method resolution.
• The temporal test cases include a // FIXME about the expected total for the latest purl query; please either resolve the expectation or mark the test with an explicit reason (e.g. #[ignore]) so it doesn’t land in a known-broken state.
• The new path-building via Join + join/chain in tests is harder to read than the original literal string arrays; consider simplifying the helpers or keeping the test data paths as explicit lists where possible to preserve clarity.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The new `Join` trait’s `chain` method name is very close to `Iterator::chain` but has different semantics and is implemented for all `Display`; consider using a more specific name and/or a narrower impl to avoid confusion and unintended method resolution.
- The temporal test cases include a `// FIXME` about the expected `total` for the latest purl query; please either resolve the expectation or mark the test with an explicit reason (e.g. `#[ignore]`) so it doesn’t land in a known-broken state.
- The new path-building via `Join` + `join`/`chain` in tests is harder to read than the original literal string arrays; consider simplifying the helpers or keeping the test data paths as explicit lists where possible to preserve clarity.

## Individual Comments

### Comment 1
<location> `modules/analysis/src/endpoints/tests/temporal.rs:68` </location>
<code_context>
+)]
+#[case( // purl search, latest
+    Req { what: What::Q(&format!("purl~{}", escape_q("pkg:oci/virt-handler-rhel9@sha256%3A507d126fa23811854bb17531194f9e832167022a1a30542561aadfd668bf1542?arch=amd64&os=linux&repository_url=registry.access.redhat.com%2Fcontainer-native-virtualization%2Fvirt-handler-rhel9&tag=v4.17.36-3"))), latest: true, ..Req::default() },
+    all(), 1 // FIXME: I'm not sure what to expect here, we had three matches, from three layers and now only one.
+)]
+#[test_log::test(actix_web::test)]
</code_context>

<issue_to_address>
**issue (testing):** Clarify and codify the expected behavior instead of keeping a FIXME in an assertion

The test currently asserts `total == 1` while a `FIXME` says the correct behavior (one match vs three layer matches) is unknown. This contradiction makes the test fragile and confusing. Please either define and document the intended semantics here and remove the FIXME, or refactor into more specific tests (e.g., per-layer vs latest-only behavior) so the expectations are explicit.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (testing): Clarify and codify the expected behavior instead of keeping a FIXME in an assertion

The test currently asserts total == 1 while a FIXME says the correct behavior (one match vs three layer matches) is unknown. This contradiction makes the test fragile and confusing. Please either define and document the intended semantics here and remove the FIXME, or refactor into more specific tests (e.g., per-layer vs latest-only behavior) so the expectations are explicit.

[codecov]

Codecov Report

❌ Patch coverage is 94.11765% with 1 line in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@545028c). Learn more about missing BASE report.

Files with missing lines	Patch %	Lines
test-context/src/lib.rs	50.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2180   +/-   ##
=======================================
  Coverage        ?   68.24%           
=======================================
  Files           ?      376           
  Lines           ?    21205           
  Branches        ?    21205           
=======================================
  Hits            ?    14472           
  Misses          ?     5863           
  Partials        ?      870           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.