refactor: use provider name as canonical DB foreign key #190

Merged: coopernetes merged 4 commits into main from fix/provider-name-as-fk on May 3, 2026
@coopernetes coopernetes commented May 3, 2026

closes #188

Summary

Provider FK refactor:

  • GitProxyProvider.getProviderId() now returns getName() instead of type/host
  • ProviderRegistry.resolveProvider() simplified — type/host fallback removed
  • JettyConfigurationBuilder: removed redundant duplicate-detection map, updated error messages
  • ProfileController + UserController: removed the provider.replace('@', '/') decode hack
  • api.ts: removed providerToPathKey and its call sites — provider names are safe in URL path segments
  • New tests: two-provider same-type scenario (github + internal-github sharing type=github with different hostnames)

Container scan fixes (both workflows):

  • Pre-install our checksum-verified grype binary before anchore/scan-action runs — drops grype-version so scan-action uses the PATH binary instead of downloading grype's install.sh from main (which constructs invalid release tag URLs and 404s)
  • Bumped grype to 0.112.0 in both container-scan.yml and docker-publish.yml
  • docker-publish.yml: removed the broken find /opt/hostedtoolcache/grype step that was silently failing

Data migration (run before deploying)

The following SQL renames existing type/host values to provider names. Adjust pairs to match your git-proxy.yml.

To find what's currently stored:

SELECT DISTINCT provider FROM push_records;
SELECT DISTINCT provider FROM user_scm_identities;

For a standard single-GitHub deployment (github/github.com → github):

-- user_scm_identities and scm_token_cache have composite PKs that include provider,
-- so they need insert+delete rather than a plain UPDATE.

INSERT INTO user_scm_identities (username, provider, scm_username, verified, source)
    SELECT username, 'github', scm_username, verified, source
    FROM user_scm_identities WHERE provider = 'github/github.com';
DELETE FROM user_scm_identities WHERE provider = 'github/github.com';

INSERT INTO scm_token_cache (token_hash, provider, username, cached_at, expires_at)
    SELECT token_hash, 'github', username, cached_at, expires_at
    FROM scm_token_cache WHERE provider = 'github/github.com';
DELETE FROM scm_token_cache WHERE provider = 'github/github.com';

UPDATE repo_permissions  SET provider = 'github' WHERE provider = 'github/github.com';
UPDATE access_rules      SET provider = 'github' WHERE provider = 'github/github.com';
UPDATE push_records      SET provider = 'github' WHERE provider = 'github/github.com';
UPDATE fetch_records     SET provider = 'github' WHERE provider = 'github/github.com';

For additional providers repeat the block with the appropriate pair (e.g. gitlab/gitlab.com → gitlab). A parameterised template is in scripts/migrate-provider-ids.sql.

Test plan

  • All unit tests pass (./gradlew test)
  • Run data migration SQL against DB before starting new version
  • Push through proxy; confirm push_records.provider shows github (not github/github.com)
  • Add/remove SCM identity on profile page; confirm no @ encoding in URL
  • Container scan passes on tag push; confirm latest is only updated after scan clears
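
A rehearsal of the migration above against a scratch SQLite database, as an added example (not part of the PR or the project's scripts/migrate-provider-ids.sql): it applies every old/new pair in one transaction, so a primary-key collision rolls back the whole run, then lists values still in type/host form. The SQLite engine, the key layout, the `ghe/git.example.internal` provider and the assumption that legacy values contain `/` are illustrative.

```python
import sqlite3

# Tables/columns as named in the PR; the first two get INSERT + DELETE as the PR does.
COMPOSITE_PK = {
    "user_scm_identities": "username, {p}, scm_username, verified, source",
    "scm_token_cache": "token_hash, {p}, username, cached_at, expires_at",
}
PLAIN = ["repo_permissions", "access_rules", "push_records", "fetch_records"]

def migrate(conn, pairs):
    """Rename every (old, new) provider pair in one transaction."""
    with conn:  # commit on success, roll back everything on any error
        for old, new in pairs:
            for table, cols in COMPOSITE_PK.items():
                conn.execute(
                    f"INSERT INTO {table} ({cols.format(p='provider')}) "
                    f"SELECT {cols.format(p='?')} FROM {table} WHERE provider = ?",
                    (new, old))
                conn.execute(f"DELETE FROM {table} WHERE provider = ?", (old,))
            for table in PLAIN:
                conn.execute(f"UPDATE {table} SET provider = ? WHERE provider = ?", (new, old))

def leftovers(conn):
    """Map each table to provider values still in type/host form (assumed: contain '/')."""
    found = {}
    for table in list(COMPOSITE_PK) + PLAIN:
        rows = conn.execute(
            f"SELECT DISTINCT provider FROM {table} WHERE provider LIKE '%/%'").fetchall()
        if rows:
            found[table] = sorted(r[0] for r in rows)
    return found

def demo_db():
    """Constructed sample data; key layout and the 'ghe' provider are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE user_scm_identities (username, provider, scm_username, verified,
            source, PRIMARY KEY (username, provider));
        CREATE TABLE scm_token_cache (token_hash, provider, username, cached_at,
            expires_at, PRIMARY KEY (token_hash, provider));
        CREATE TABLE repo_permissions (provider); CREATE TABLE access_rules (provider);
        CREATE TABLE push_records (provider); CREATE TABLE fetch_records (provider);
        INSERT INTO user_scm_identities VALUES ('alice', 'github/github.com', 'alice-gh', 1, 'oauth');
        INSERT INTO scm_token_cache VALUES ('hash-placeholder', 'github/github.com', 'alice', 0, 0);
        INSERT INTO access_rules (provider) VALUES ('github/github.com');
        INSERT INTO push_records (provider) VALUES ('github/github.com'), ('ghe/git.example.internal');
    """)
    return conn
```

The PR removes the type/host fallback from ProviderRegistry.resolveProvider(), so repeat the rehearsal with every pair from git-proxy.yml until `leftovers()` returns an empty dict.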

Replace the type/host compound key (e.g. github/github.com) with the
user-configured provider name (e.g. github, internal-github) as the
canonical identifier stored in all provider FK columns.

Provider names are unique by YAML map key constraint, stable across
hostname changes, and human-readable — removing the need for the
type/host compound key entirely.

Changes:
- GitProxyProvider.getProviderId() now returns getName()
- ProviderRegistry.resolveProvider() simplified; type/host fallback removed
- JettyConfigurationBuilder: removed seenProviderIds conflict map (redundant),
  updated error messages and Javadocs
- ProfileController + UserController: removed provider.replace('@', '/') decode
- api.ts: removed providerToPathKey function and its two call sites
- scripts/migrate-provider-ids.sql: one-off UPDATE script for existing installs
- Tests: updated all provider ID assertions, removed backwards-compat test,
  added two tests for same-type multi-provider (github + internal-github)

closes #188

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@coopernetes coopernetes added this to the 1.0.0 milestone May 3, 2026

scan-action downloads grype's install.sh from main at runtime and passes
the version directly — the script constructs releases/{version} URLs
which 404 for non-latest versions. Pre-install our checksum-verified
binary first so scan-action uses the PATH binary instead.

Same broken pattern as container-scan.yml — scan-action was downloading
grype's install.sh from main which constructs invalid release tag URLs.
Pre-install our checksum-verified binary first, drop grype-version.

@coopernetes coopernetes enabled auto-merge (squash) May 3, 2026 17:56
@coopernetes coopernetes merged commit 9ba3020 into main May 3, 2026
13 checks passed
@coopernetes coopernetes deleted the fix/provider-name-as-fk branch May 3, 2026 17:58
Development

Successfully merging this pull request may close these issues.

UX: replace type/host compound key with provider name in UI display