feat: update workflows internal data structure

[UlisesGascon]

Summary by CodeRabbit

• New Features

  • Workflows now include metadata indicating if they are enabled and if additional data is required.
  • The API and CLI display these new workflow properties, providing clearer workflow status and requirements.
  • Workflow execution responses now include start and finish timestamps and a success flag.

• Bug Fixes

  • Improved validation: Disabled workflows return a 403 error, and workflows requiring extra data return a 400 error if data is missing.

• Documentation

  • OpenAPI documentation updated to reflect new workflow properties, error responses, and reusable schemas.

• Tests

  • Added and updated tests to cover new workflow states and validation scenarios.

[coderabbitai]

Walkthrough

This update introduces new metadata fields (isEnabled, isRequiredAdditionalData, operations) to workflow definitions, enhances validation and response handling in the workflow execution API, and updates tests and OpenAPI documentation accordingly. The changes ensure workflows can be disabled or require additional data, with clear schema definitions and error handling.

Changes

File(s)	Change Summary
src/cli/workflows.js	Added isEnabled, isRequiredAdditionalData, and operations to workflow metadata; updated getWorkflowsDetails return.
src/httpServer/routers/apiV1.js	Enhanced /workflow/:id/run endpoint: validates workflow status, required data, updates response structure and timestamps.
src/httpServer/swagger/api-v1.yml	Introduced reusable Workflow and WorkflowCompleted schemas; updated endpoint responses; added 403 error for disabled workflows.
tests/httpServer/apiV1.test.js	Updated mocks and tests for new workflow properties; added tests for disabled and required-data workflows; adjusted payload structure.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant API
    participant WorkflowManager

    Client->>API: POST /api/v1/workflow/:id/run { data }
    API->>WorkflowManager: getWorkflow(id)
    alt Workflow is disabled
        API-->>Client: 403 Forbidden (workflow disabled)
    else Workflow requires data and data missing
        API-->>Client: 400 Bad Request (missing data)
    else Valid workflow and data
        API->>WorkflowManager: runWorkflow(id, data)
        API-->>Client: 202 Accepted { status, result, started, finished }
    end

Loading

Possibly related PRs

• feat: add POST /api/v1/workflow/{workflowId}/run endpoint #241: This PR originally introduced the /api/v1/workflow/:id/run endpoint, which is now extended with enablement and data validation, response enhancements, and updated metadata.

Poem

A rabbit hopped through code anew,
With workflows bright and metadata too.
Now some are paused, some need more data,
The API responds sooner, not later.
Swagger’s schemas clear and neat,
Make VisionBoard changes quite a treat!
🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

src/httpServer/swagger/api-v1.yml (1)

401-440: Comprehensive Workflow schema with metadata properties.

The Workflow schema properly defines all new metadata fields:

• isEnabled/isRequiredAdditionalData: Boolean flags for workflow control
• operations: Nullable array for workflow-specific operations with schemas

Minor observation: Line 417 defines a schema property at the workflow level, but based on the implementation, schemas are only defined within the operations array. Consider if this top-level schema property is needed.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5fd3908 and e626b94.

⛔ Files ignored due to path filters (1)

• __tests__/cli/__snapshots__/workflows.test.js.snap is excluded by !**/*.snap

📒 Files selected for processing (4)

• __tests__/httpServer/apiV1.test.js (4 hunks)
• src/cli/workflows.js (2 hunks)
• src/httpServer/routers/apiV1.js (2 hunks)
• src/httpServer/swagger/api-v1.yml (3 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

src/cli/workflows.js (3)

src/workflows/index.js (10)

• require (2-2)
• require (3-3)
• require (4-4)
• require (5-5)
• require (7-7)
• require (8-8)
• updateGithubOrgs (10-29)
• upsertGithubRepositories (31-64)
• runAllTheComplianceChecks (66-77)
• upsertOSSFScorecardAnalysis (79-110)

src/reports/index.js (1)

• generateStaticReports (126-228)

src/cli/index.js (1)

• workflows (2-2)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Playwright Tests

🔇 Additional comments (12)

src/cli/workflows.js (3)

8-8: LGTM: Schema import added for bulk-import workflow.

The import statement correctly loads the JSON schema needed for the bulk-import workflow operations.

---

10-57: Well-structured metadata addition with consistent implementation.

The new metadata properties are consistently added across all workflow definitions:

• isRequiredAdditionalData: Properly indicates data requirements
• isEnabled: Allows workflows to be disabled (notably upsert-ossf-scorecard and bulk-import)
• operations: Only populated for bulk-import with schema validation

The TODO comment on line 46 appropriately flags the bulk-import workflow for future architectural consideration.

---

67-74: Metadata properly exposed in workflow details.

The getWorkflowsDetails function correctly includes all new metadata properties in both the workflows object and workflowsList array, ensuring consistent API responses.

src/httpServer/routers/apiV1.js (3)

186-186: Correct request body handling for nested data structure.

The change from destructuring the entire request body to extracting only the data property aligns with the new API contract where workflow input is nested under a data field.

---

198-204: Robust validation logic with appropriate HTTP status codes.

The validation checks are well-implemented:

• Returns 403 (Forbidden) for disabled workflows - semantically correct as the resource exists but is not allowed
• Returns 400 (Bad Request) for missing required data - proper client error for invalid input

The validation order is logical: check enablement first, then data requirements.

---

210-214: Enhanced response structure with execution timing.

The addition of started and finished timestamps provides valuable execution metadata. The structured response with status, result, and timing information improves API usability and monitoring capabilities.

__tests__/httpServer/apiV1.test.js (3)

13-14: Mock objects properly updated with new metadata properties.

The mock workflow objects now include the required isEnabled and isRequiredAdditionalData properties, ensuring tests accurately reflect the new workflow structure.

Also applies to: 19-19

---

196-196: Test payload structure aligned with API changes.

The change from sending raw data to nesting it under a data property correctly reflects the updated API contract.

---

219-263: Comprehensive test coverage for new validation scenarios.

Excellent test coverage added for the new validation logic:

• Lines 219-240: Tests disabled workflow returns 403 Forbidden
• Lines 242-263: Tests missing required data returns 400 Bad Request

Both tests properly mock the workflow metadata and verify correct error responses. The test structure follows established patterns and includes appropriate assertions.

src/httpServer/swagger/api-v1.yml (3)

57-57: Improved schema reusability with component references.

Replacing inline schemas with component references ($ref: '#/components/schemas/Workflow' and $ref: '#/components/schemas/WorkflowCompleted') eliminates duplication and improves maintainability of the API specification.

Also applies to: 101-101

---

108-113: Added 403 response for disabled workflows.

The new 403 response properly documents the case when a workflow is disabled, matching the validation logic implemented in the API router.

---

370-400: Well-defined WorkflowCompleted schema.

The new component schema accurately models the enhanced workflow execution response:

• status: Execution status
• result: Contains message and success flag
• started/finished: ISO datetime timestamps

All properties are appropriately marked as required and include realistic examples.