Merge the update from main to the e2e feature branch #3196
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [globals](https://github.com/sindresorhus/globals) from 16.5.0 to 17.0.0. - [Release notes](https://github.com/sindresorhus/globals/releases) - [Commits](sindresorhus/globals@v16.5.0...v17.0.0) --- updated-dependencies: - dependency-name: globals dependency-version: 17.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci: move permissions to job level * Update code * ci: move workflow permissions to job level --------- Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
* Update CONTRIBUTING.md w/ a workflow diagram * We don't even use it in docs :man-shrugging: ? * Dark theme updates * Update colors
* add ZAP Baseline Scan into CI/CD * add ZAP Baseline Scan to CI/CD * Update ZAP Baseline Scan action version * Update code --------- Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
…issions (OWASP#3174) * CI hardening: pin actions to SHAs and set explicit permissions * Update code --------- Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
* feat: add contribution_data field to Chapter and Project models * Create migration 0066 to add fields to database * add management command to aggregate contributions -commits, issues, PRs, and releases -support --entity-type, --days(default 365), --key, --offset * expose contribution_data in GraphQL API - Add contribution_data field to ChapterNode - Add contribution_data field to ProjectNode * refactor: extract contribution date aggregation into a separate method(tackling coderabbitai suggetions) * test: add contribution_data to the test's expected field names set. * test: add unit tests for ChapterNode field resolutions and configurations * test: add unit tests for owasp_aggregate_contributions management command * feat: add contributionData to GraphQL queries * feat: update TypeScript types for contribution data * feat: add contributionData field to both project and chapter nodes * fixed linting errors * fixed failed tests in chapter_test.py * fixed backend tests in owasp_aggregate_contributions_test.py * feat: add contribution heatmap to chapter details page * feat: integrate contribution heatmap into project details page * feat: enhance contribution heatmap component with isCompact prop * apply variant compact * feat: add contribution stats and heatmap to chapter and project details pages * make chapter page same as project page * reduce the gap between the cards * optimize queryset by select_related for owasp_repository * feat: optimize project queryset with select_related and prefetch_related * chapter contribution aggregation tests * fix: update contribution_data test to assert field type * update contribution stats calculation to provide estimated values * fix: handle null contribution stats in project and chapter details sonarcloud suggestion * fixing sonalcloud errors * run pnpm lint * adjust layout and formatting * fixedbackend testcases * remove redundant code in project and chapter * make another component for github stats * fixing sonar issues * fixing tests * remove unused variables * refactor: improve heatmap series generation and chart options * fixing sonar cloud issues * fix make check * fixing sonarcloud issues * handling null/undefined values * include test identifiers * add tests for ContributionStats component * sort active chapters and projects * added trailing whitespace * apply make check * pnpm run lint -- --fix * removing sonarcloud issues with contributionheatmap and contributionstats * add contribution_stats field to Chapter and Project models for github stats * add contribution_stats field to Chapter and Project GraphQL nodes * add contribution statistics calculation for chapters and projects * add contribution_stats fields to Chapter and Project migrations * add contributionStats field to Project type * add contributionStats field to Chapter type * run pnpm run --graphql-codegen to update the generated types * add contributionStats field to GET_CHAPTER_DATA and GET_PROJECT_DATA queries * create contributionDataUtils file for handling contribution stats logic * refactor: replace estimeted contribution stats with actual * added tests for contributionStats field * Run pre-commit * add .slice().reverse() for compatibility * resolve some issues by coderabbitai * make check * made the contributionheatmap responsive for both project and chapter pages * fixed failed testcases * fixing contributionheatmap for tests * run pnpm run test:unit * make check * fixing sonarcloud issues * adjust heatmap chart dimensions for better responsiveness * update command in backend/Makefile to aggregate contributions * change makefile to add owasp-aggregate-contributions target * regenerate owasp migration 0067_chapter_contribution_stats_and_more * refactor migration 0067 to improve code readability and formatting * fix: update date in ProgramCard test to reflect correct end date * style: update padding and heading size in CardDetailsPage test * fix: update ContributionHeatmap test to reflect correct class names and attributes * test: add variant rendering tests for ContributionHeatmap (coderabbitai) * fixing the test for programCard * added contribution_stats field to ProjectNode and ChapterNode * fix: optimize chapter and project queryset with select_related and prefetch_related(coderabbitai) * Update code * update contributionsStats * update frontend code * Update code * update scollbar suggetions * resolve PR issues and change UI * apply sonarcloud issues * update coderabbitai suggestions * Update scrollbar styling. Refactor code. * Update code * Fix year range showing data for 53 weeks when on Sunday --------- Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org> Co-authored-by: Kate <kate@kgthreads.com> Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
* add leaders * test: add real leader names * use EntityMember data for leaders * rename leaders -> leader_names * use compact leader objects --------- Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
…SP#3193) Bumps [strawberry-graphql-django](https://github.com/strawberry-graphql/strawberry-django) from 0.72.2 to 0.73.0. - [Release notes](https://github.com/strawberry-graphql/strawberry-django/releases) - [Changelog](https://github.com/strawberry-graphql/strawberry-django/blob/main/CHANGELOG.md) - [Commits](strawberry-graphql/strawberry-django@0.72.2...v0.73.0) --- updated-dependencies: - dependency-name: strawberry-graphql-django dependency-version: 0.73.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions
bot
added
docs
Contributor
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings. WalkthroughThis PR introduces contribution statistics tracking for chapters and projects, reorganizes Docker build paths, updates GitHub Actions workflow permission scoping to per-job level, fixes typos in Ansible tasks, and expands frontend components for displaying contribution data with heatmaps and statistics. Changes
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related PRs
Suggested reviewers
Pre-merge checks and finishing touches❌ Failed checks (1 warning, 1 inconclusive)
✅ Passed checks (1 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
PR validation failed: No linked issue and no valid closing issue reference in PR description |
|
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 4
Fix all issues with AI Agents 🤖
In @.github/workflows/run-ci-cd.yaml:
- Around line 768-791: The artifact name for ZAP reports is identical for both
run-staging-zap-baseline-scan and run-production-zap-baseline-scan which can
cause one upload to overwrite the other; update the Upload ZAP report step in
both jobs to append an environment-specific suffix (e.g., -staging or
-production) to the artifact name (currently "zap-baseline-scan-report-${{
github.run_id }}") and likewise differentiate the report file path/name (e.g.,
zap-report-staging.html) so both artifacts are uniquely named and cannot
collide.
- Line 175: The CI job uses an inconsistent build context value; change the
context key that currently reads "context: docker/backend" to "context: backend"
so it matches the other build jobs (and the Dockerfile paths like "file:
docker/backend/Dockerfile.test"); update the single occurrence of "context:
docker/backend" in .github/workflows/run-ci-cd.yaml to "context: backend".
In @CONTRIBUTING.md:
- Around line 475-549: The policy sentence that reads "you will not be assigned
to new issues if you ignore this" (the text next to the RunChecks node
referencing `make check-test`) is misleading; edit that diagram text so it
instead states that running `make check-test` locally is required to help ensure
CI/CD passes and avoid automated CI failures on submitted PRs, not a condition
for being assigned to issues—keep the `make check-test` emphasis but replace the
assignment restriction wording with a clarification about preventing CI/CD
failures.
In @docker/backend/Dockerfile:
- Line 39: The COPY instruction in the Dockerfile currently lists entrypoint.sh,
manage.py, and wsgi.py without their directory prefix; update the COPY command
that references those three filenames so each source includes the backend/
prefix (i.e., copy backend/entrypoint.sh, backend/manage.py and backend/wsgi.py
into the image) to avoid "file not found" errors during docker build.
🧹 Nitpick comments (14)
cspell/cspell.json (1)
40-40: Redundant glob pattern in files array.The pattern
"**/*"already matches all files recursively, including those under.github/. Explicitly adding".github/**/*"is redundant and doesn't change the behavior.🔎 Proposed fix
- "files": ["**/*", ".github/**/*"], + "files": ["**/*"],docker/cspell/Dockerfile (1)
19-21: Consider adding a comment to clarify the dual-directory pattern.The Dockerfile installs dependencies in
/opt/nodebut switches the working directory to/nestbefore setting the entrypoint. This pattern works correctly (the entrypoint uses the absolute path to cspell), and/nestappears intended for runtime volume mounting. However, this might be confusing during maintenance.💡 Optional: Add clarifying comments
+# Install dependencies in /opt/node to keep them separate from the source code WORKDIR /opt/node ENV PNPM_HOME="/pnpm" ENV NPM_CONFIG_RETRY=5 \ NPM_CACHE="/nest/.npm" \ NPM_CONFIG_TIMEOUT=30000 \ PATH="$PNPM_HOME:$PATH" RUN --mount=type=cache,target=${NPM_CACHE} \ npm install --ignore-scripts -g pnpm --cache ${NPM_CACHE} COPY package.json pnpm-lock.yaml ./ RUN --mount=type=cache,id=pnpm,target=/pnpm/store \ pnpm install --frozen-lockfile --ignore-scripts +# Switch to /nest - this directory is expected to be mounted at runtime with code to check WORKDIR /nest +# Use absolute path to cspell since node_modules are in /opt/node ENTRYPOINT ["/opt/node/node_modules/.bin/cspell"]proxy/production.conf (1)
35-37: LGTM: Correct pattern for nginx header inheritance.Re-including
/etc/nginx/headers.confwithin the location blocks addresses nginx's behavior whereadd_headerdirectives in a location block override all inheritedadd_headerdirectives from parent blocks. Since both location blocks useadd_header X-Cache-Status, the headers from the server-level include (line 21) wouldn't be applied without this re-inclusion.Optionally verify that
headers.confdoesn't contain directives that could cause unexpected behavior when included multiple times.#!/bin/bash # Verify the contents of headers.conf to ensure no unintended side effects from re-inclusion fd -e conf -x cat {} \; | rg -A2 -B2 'headers\.conf' cat proxy/headers.conf 2>/dev/null || echo "headers.conf not found in provided files"Also applies to: 51-53
backend/tests/apps/api/rest/v0/project_test.py (1)
30-47: Consider extracting shared mock classes to a test utility module.The
MockMemberandMockEntityMemberclasses are duplicated inbackend/tests/apps/api/rest/v0/chapter_test.py(lines 34-41). Extracting these to a shared test utility module (e.g.,backend/tests/apps/api/rest/v0/conftest.pyorbackend/tests/apps/api/rest/v0/test_utils.py) would improve maintainability and reduce duplication.🔎 Proposed refactor to extract shared test utilities
Create a new file
backend/tests/apps/api/rest/v0/test_utils.py:class MockMember: def __init__(self, login): self.login = login class MockEntityMember: def __init__(self, name, login=None): self.member = MockMember(login) if login else None self.member_name = nameThen import in both test files:
from .test_utils import MockMember, MockEntityMemberbackend/apps/owasp/models/project.py (1)
99-112: Field definitions are correct and match the migration.The new
contribution_dataandcontribution_statsJSONField attributes are properly defined with appropriate verbose names and help text. The fields integrate well with the GraphQL API layer'sdeep_camelizeresolvers.Consider standardizing NULL vs empty dict handling.
The combination of
default=dictwithnull=Trueallows the field to be eitherNULLor{}(empty dict), which can lead to inconsistent state representation. For new fields, consider using either:
default=dictwithnull=False(always have a dict, never NULL), ordefault=Nonewithnull=True(explicitly handle NULL as "no data")This pattern may be intentional for migration compatibility with existing records, but for consistency in future queries and serialization, it's worth standardizing the empty-state representation.
backend/tests/apps/owasp/api/internal/nodes/chapter_test.py (1)
65-92: Good test coverage for the camelCase transformation.The test correctly verifies that snake_case keys are transformed to camelCase. However, accessing
field.base_resolver.wrapped_funcrelies on Strawberry's internal structure, which could break with library updates.Consider adding a comment noting this dependency on Strawberry internals, or alternatively test via GraphQL query execution for more robust integration testing.
frontend/src/utils/dateFormatter.ts (2)
83-94: Consider adding documentation for the week-alignment logic.The
calculateDaysToSubtractandadjustDateForYearOnlyfunctions implement Saturday boundary alignment, but the rationale isn't immediately clear from the code. The formuladayOfWeek === 0 ? -1 : -(dayOfWeek + 1)aligns all dates to the previous Saturday, which may not be obvious to future maintainers.💡 Suggested documentation improvements
+/** + * Calculate days to subtract to align to the previous Saturday. + * Used for creating consistent year-over-year comparison ranges. + */ function calculateDaysToSubtract(dayOfWeek: number): number { + // Sunday (0) → -1 (Saturday), Monday (1) → -2 (Saturday), etc. return dayOfWeek === 0 ? -1 : -(dayOfWeek + 1) } +/** + * Adjust date range for year-only requests to align to Saturday boundaries. + * Creates a consistent 52-week (364-day) range ending on Saturday. + */ function adjustDateForYearOnly(today: Date, endDate: Date, startDate: Date): void {
104-122: Consider input validation for date range options.The function accepts
years,months, anddaysparameters but doesn't validate that they're non-negative. Negative values could produce unexpected results.💡 Add validation for options
export function getDateRange(options: DateRangeOptions = {}): DateRangeResult { const { years = 0, months = 0, days = 0 } = options + + if (years < 0 || months < 0 || days < 0) { + throw new Error('Date range options must be non-negative') + } const today = new Date()frontend/src/components/ContributionStats.tsx (1)
52-60: Consider using a more appropriate icon for the Total stat.The Total stat block currently uses
FaCodeBranch, which is the same icon as PRs. Consider using a different icon (e.g.,FaChartLineor a sum/total icon) to provide visual distinction and semantic clarity.frontend/src/components/CardDetailsPage.tsx (2)
51-58: Consider consolidating identical predicates.
showIssuesAndMilestonesandshowPullRequestsAndReleaseshave identical implementations. If they're meant to represent the same set of types, consider consolidating into a single predicate or extracting the shared type list to reduce duplication and future maintenance risk.🔎 Suggested consolidation
+const STATS_CARD_TYPES: CardType[] = ['organization', 'project', 'repository', 'user'] + const showStatistics = (type: CardType): boolean => ['committee', 'organization', 'project', 'repository', 'user'].includes(type) -const showIssuesAndMilestones = (type: CardType): boolean => - ['organization', 'project', 'repository', 'user'].includes(type) - -const showPullRequestsAndReleases = (type: CardType): boolean => - ['organization', 'project', 'repository', 'user'].includes(type) +const showIssuesAndMilestones = (type: CardType): boolean => + STATS_CARD_TYPES.includes(type) + +const showPullRequestsAndReleases = (type: CardType): boolean => + STATS_CARD_TYPES.includes(type)
263-289: Contribution section uses direct type check instead of predicate.For consistency with the new predicate pattern used elsewhere (
showStatistics,showIssuesAndMilestones), consider extracting ashowContributionspredicate for theprojectandchaptertypes check at line 263. This maintains the abstraction pattern established in this refactor.🔎 Proposed predicate
+const showContributions = (type: CardType): boolean => + ['project', 'chapter'].includes(type) -{(type === 'project' || type === 'chapter') && (contributionData || contributionStats) && ( +{showContributions(type) && (contributionData || contributionStats) && (frontend/src/components/ContributionHeatmap.tsx (3)
15-48: Extract common date fallback logic to reduce duplication.The fallback date generation logic is duplicated three times (lines 15-26, 31-42, and implicitly in the swap at 44-48). Consider extracting a helper function to improve maintainability.
🔎 Proposed extraction
+const getDefaultDateRange = (): { start: string; end: string } => { + const defaultEnd = new Date() + defaultEnd.setUTCHours(0, 0, 0, 0) + const defaultStart = new Date() + defaultStart.setUTCHours(0, 0, 0, 0) + defaultStart.setUTCFullYear(defaultEnd.getUTCFullYear() - 1) + return { + start: defaultStart.toISOString().split('T')[0], + end: defaultEnd.toISOString().split('T')[0], + } +} const generateHeatmapSeries = ( startDate: string, endDate: string, contributionData: Record<string, number> ) => { if (!startDate || !endDate) { - const defaultEnd = new Date() - defaultEnd.setUTCHours(0, 0, 0, 0) - const defaultStart = new Date() - defaultStart.setUTCHours(0, 0, 0, 0) - defaultStart.setUTCFullYear(defaultEnd.getUTCFullYear() - 1) - return generateHeatmapSeries( - defaultStart.toISOString().split('T')[0], - defaultEnd.toISOString().split('T')[0], - contributionData - ) + const { start, end } = getDefaultDateRange() + return generateHeatmapSeries(start, end, contributionData) } // ... similar for the isNaN check
274-288: Consider extracting magic numbers as named constants.The width calculation uses several magic numbers (13.4, 19.5, 40, 50, 400, 600) that would benefit from descriptive constant names to clarify their purpose and improve maintainability.
🔎 Example extraction
+const COMPACT_PIXEL_PER_WEEK = 13.4 +const COMPACT_PADDING = 40 +const COMPACT_MIN_WIDTH = 400 +const DEFAULT_PIXEL_PER_WEEK = 19.5 +const DEFAULT_PADDING = 50 +const DEFAULT_MIN_WIDTH = 600 const calculateChartWidth = useMemo(() => { const weeksCount = heatmapSeries[0]?.data?.length || 0 if (isCompact) { - const pixelPerWeek = 13.4 - const padding = 40 - const calculatedWidth = weeksCount * pixelPerWeek + padding - return Math.max(400, calculatedWidth) + const calculatedWidth = weeksCount * COMPACT_PIXEL_PER_WEEK + COMPACT_PADDING + return Math.max(COMPACT_MIN_WIDTH, calculatedWidth) } // ... }, [heatmapSeries, isCompact])
300-314: Inline styles duplicate tooltip configuration.The
<style>block (lines 300-314) duplicates the tooltip styling already defined ingetChartOptions(lines 196-207). This redundancy could lead to styling inconsistencies if one is updated without the other. Consider removing the inline style block and relying solely on the chart options, or consolidating the CSS.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (7)
backend/poetry.lockis excluded by!**/*.lockcspell/pnpm-lock.yamlis excluded by!**/pnpm-lock.yamldocs/poetry.lockis excluded by!**/*.lockfrontend/pnpm-lock.yamlis excluded by!**/pnpm-lock.yamlfrontend/src/types/__generated__/chapterQueries.generated.tsis excluded by!**/__generated__/**frontend/src/types/__generated__/graphql.tsis excluded by!**/__generated__/**frontend/src/types/__generated__/projectQueries.generated.tsis excluded by!**/__generated__/**
📒 Files selected for processing (83)
.github/ansible/production/nest.yaml.github/ansible/production/proxy.yaml.github/ansible/staging/nest.yaml.github/ansible/staging/proxy.yaml.github/dependabot.yml.github/workflows/check-pr-issue.yaml.github/workflows/label-issues.yaml.github/workflows/label-pull-requests.yaml.github/workflows/run-ci-cd.yaml.github/workflows/run-code-ql.yaml.github/workflows/setup-backend-environment/action.yaml.github/workflows/update-nest-test-images.yamlCONTRIBUTING.mdMakefileREADME.mdbackend/Makefilebackend/apps/api/rest/v0/chapter.pybackend/apps/api/rest/v0/common.pybackend/apps/api/rest/v0/project.pybackend/apps/common/management/commands/purge_data.pybackend/apps/core/utils/index.pybackend/apps/owasp/Makefilebackend/apps/owasp/api/internal/nodes/chapter.pybackend/apps/owasp/api/internal/nodes/project.pybackend/apps/owasp/management/commands/owasp_aggregate_contributions.pybackend/apps/owasp/migrations/0066_chapter_contribution_data_project_contribution_data.pybackend/apps/owasp/migrations/0067_chapter_contribution_stats_and_more.pybackend/apps/owasp/migrations/0068_alter_chapter_contribution_stats_and_more.pybackend/apps/owasp/migrations/0069_alter_project_contribution_data_and_more.pybackend/apps/owasp/models/chapter.pybackend/apps/owasp/models/project.pybackend/data/nest.dumpbackend/entrypoint.shbackend/pyproject.tomlbackend/tests/apps/api/rest/v0/chapter_test.pybackend/tests/apps/api/rest/v0/project_test.pybackend/tests/apps/owasp/api/internal/nodes/chapter_test.pybackend/tests/apps/owasp/api/internal/nodes/project_test.pybackend/tests/apps/owasp/management/commands/owasp_aggregate_contributions_test.pycspell/cspell.jsoncspell/custom-dict.txtcspell/package.jsondocker-compose/e2e/compose.yamldocker-compose/fuzz/compose.yamldocker-compose/local/compose.yamldocker/backend/Dockerfiledocker/backend/Dockerfile.fuzzdocker/backend/Dockerfile.localdocker/backend/Dockerfile.testdocker/backend/entrypoint.fuzz.shdocker/cspell/Dockerfiledocker/docs/Dockerfile.localdocker/frontend/Dockerfiledocker/frontend/Dockerfile.e2e.testdocker/frontend/Dockerfile.localdocker/frontend/Dockerfile.unit.testdocs/index.mdfrontend/Makefilefrontend/__tests__/unit/components/CardDetailsPage.test.tsxfrontend/__tests__/unit/components/ContributionHeatmap.test.tsxfrontend/__tests__/unit/components/ContributionStats.test.tsxfrontend/graphql-codegen.tsfrontend/package.jsonfrontend/src/app/board/[year]/candidates/page.tsxfrontend/src/app/chapters/[chapterKey]/page.tsxfrontend/src/app/page.tsxfrontend/src/app/projects/[projectKey]/page.tsxfrontend/src/components/CardDetailsPage.tsxfrontend/src/components/ContributionHeatmap.tsxfrontend/src/components/ContributionStats.tsxfrontend/src/components/SponsorCard.tsxfrontend/src/server/queries/chapterQueries.tsfrontend/src/server/queries/projectQueries.tsfrontend/src/types/card.tsfrontend/src/types/chapter.tsfrontend/src/types/project.tsfrontend/src/utils/aboutData.tsfrontend/src/utils/contributionDataUtils.tsfrontend/src/utils/dateFormatter.tsfrontend/src/utils/metadata.tsmkdocs.yamlproxy/production.confproxy/staging.conf
💤 Files with no reviewable changes (1)
- backend/apps/common/management/commands/purge_data.py
🧰 Additional context used
🧠 Learnings (35)
📚 Learning: 2025-10-26T12:50:50.512Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 2429
File: backend/Makefile:30-32
Timestamp: 2025-10-26T12:50:50.512Z
Learning: The `exec-backend-e2e-command` and `exec-db-e2e-command` Makefile targets in the backend/Makefile are intended for local development and debugging only, not for CI/CD execution, so the `-it` flags are appropriate.
Applied to files:
docker-compose/e2e/compose.yamlfrontend/Makefilebackend/Makefile
📚 Learning: 2025-12-26T06:08:58.549Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 3041
File: .github/workflows/run-ci-cd.yaml:233-243
Timestamp: 2025-12-26T06:08:58.549Z
Learning: Ensure Redis image versions stay in sync across all environments by updating every relevant YAML file together (docker-compose files and CI/CD workflow configurations). When upgrading Redis, bump the image version in all docker-compose files and in all CI workflow YAMLs in one coordinated change to maintain parity across production, staging, local, E2E, and CI tests.
Applied to files:
docker-compose/e2e/compose.yamldocker-compose/local/compose.yamlmkdocs.yamldocker-compose/fuzz/compose.yaml
📚 Learning: 2025-12-26T06:09:08.868Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 3041
File: .github/workflows/run-ci-cd.yaml:233-243
Timestamp: 2025-12-26T06:09:08.868Z
Learning: For the OWASP/Nest repository, Redis image versions should remain consistent across all environments (production, staging, local, E2E, and CI/CD E2E tests). When upgrading Redis, update all docker-compose files and CI/CD workflow configurations together to maintain environment parity.
Applied to files:
.github/workflows/setup-backend-environment/action.yaml.github/workflows/update-nest-test-images.yaml.github/workflows/run-ci-cd.yaml
📚 Learning: 2025-10-17T15:25:55.624Z
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2431
File: infrastructure/providers.tf:1-3
Timestamp: 2025-10-17T15:25:55.624Z
Learning: The infrastructure code in the OWASP/Nest repository (infrastructure/ directory) is intended for quick testing purposes only, not for production deployment.
Applied to files:
.github/workflows/setup-backend-environment/action.yamldocs/index.mdREADME.md.github/workflows/run-ci-cd.yaml
📚 Learning: 2025-12-21T19:03:59.068Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1139
File: .github/workflows/setup-backend-environment/action.yaml:16-27
Timestamp: 2025-12-21T19:03:59.068Z
Learning: Composite actions (runs: using: composite) execute as steps within the calling job's context and can access the job context, including job.services.* properties (e.g., job.services.<service_id>.id, job.services.<service_id>.ports). Service containers must be defined at the job level, but a composite action's steps can reference them via the job context.
Applied to files:
.github/workflows/setup-backend-environment/action.yaml.github/workflows/run-code-ql.yaml.github/workflows/label-pull-requests.yaml.github/workflows/update-nest-test-images.yaml.github/workflows/run-ci-cd.yaml.github/workflows/label-issues.yaml.github/workflows/check-pr-issue.yaml
📚 Learning: 2025-12-31T05:17:39.659Z
Learnt from: kart-u
Repo: OWASP/Nest PR: 3101
File: backend/apps/common/extensions.py:92-98
Timestamp: 2025-12-31T05:17:39.659Z
Learning: In this codebase, import OperationType for GraphQL operations from the graphql-core package rather than from strawberry. Use 'from graphql import OperationType'. Strawberry re-exports via graphql-core internally, so relying on strawberry's API may be brittle. Apply this rule to all Python files that deal with GraphQL operation types; ensure imports come from graphql (graphql-core) and not from strawberry packages. This improves compatibility and avoids coupling to strawberry's internals.
Applied to files:
backend/tests/apps/api/rest/v0/project_test.pybackend/apps/owasp/models/chapter.pybackend/apps/owasp/api/internal/nodes/chapter.pybackend/apps/api/rest/v0/common.pybackend/tests/apps/owasp/api/internal/nodes/chapter_test.pybackend/apps/owasp/migrations/0068_alter_chapter_contribution_stats_and_more.pybackend/apps/owasp/migrations/0066_chapter_contribution_data_project_contribution_data.pybackend/tests/apps/owasp/api/internal/nodes/project_test.pybackend/apps/owasp/api/internal/nodes/project.pybackend/apps/owasp/migrations/0069_alter_project_contribution_data_and_more.pybackend/apps/owasp/models/project.pybackend/apps/owasp/management/commands/owasp_aggregate_contributions.pybackend/tests/apps/owasp/management/commands/owasp_aggregate_contributions_test.pybackend/tests/apps/api/rest/v0/chapter_test.pybackend/apps/api/rest/v0/project.pybackend/apps/core/utils/index.pybackend/apps/owasp/migrations/0067_chapter_contribution_stats_and_more.pybackend/apps/api/rest/v0/chapter.py
📚 Learning: 2026-01-01T17:48:23.963Z
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2948
File: backend/apps/owasp/management/commands/owasp_generate_community_snapshot_video.py:41-47
Timestamp: 2026-01-01T17:48:23.963Z
Learning: In Django code, be aware that a QuerySet's boolean evaluation (e.g., if not queryset) runs a database query to determine emptiness. While it is technically valid to use the queryset in a boolean context, use queryset.exists() for existence checks to avoid unnecessary queries and improve performance. Applicable broadly to Python/Django files rather than just this specific path.
Applied to files:
backend/tests/apps/api/rest/v0/project_test.pybackend/apps/owasp/models/chapter.pybackend/apps/owasp/api/internal/nodes/chapter.pybackend/apps/api/rest/v0/common.pybackend/tests/apps/owasp/api/internal/nodes/chapter_test.pybackend/apps/owasp/migrations/0068_alter_chapter_contribution_stats_and_more.pybackend/apps/owasp/migrations/0066_chapter_contribution_data_project_contribution_data.pybackend/tests/apps/owasp/api/internal/nodes/project_test.pybackend/apps/owasp/api/internal/nodes/project.pybackend/apps/owasp/migrations/0069_alter_project_contribution_data_and_more.pybackend/apps/owasp/models/project.pybackend/apps/owasp/management/commands/owasp_aggregate_contributions.pybackend/tests/apps/owasp/management/commands/owasp_aggregate_contributions_test.pybackend/tests/apps/api/rest/v0/chapter_test.pybackend/apps/api/rest/v0/project.pybackend/apps/core/utils/index.pybackend/apps/owasp/migrations/0067_chapter_contribution_stats_and_more.pybackend/apps/api/rest/v0/chapter.py
📚 Learning: 2025-07-28T14:51:14.736Z
Learnt from: adithya-naik
Repo: OWASP/Nest PR: 1894
File: frontend/src/components/TopContributorsList.tsx:74-74
Timestamp: 2025-07-28T14:51:14.736Z
Learning: In the OWASP/Nest project, the maintainer adithya-naik prefers not to create separate components for code that's only used in two specific cases, following the YAGNI principle to avoid over-engineering when the duplication is limited and manageable.
Applied to files:
docs/index.mdREADME.mdCONTRIBUTING.md
📚 Learning: 2025-08-01T04:15:32.151Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1823
File: frontend/__tests__/e2e/pages/Login.spec.ts:28-34
Timestamp: 2025-08-01T04:15:32.151Z
Learning: In the OWASP Nest project, the login page (/auth/login) handles only authentication (GitHub OAuth) and does not differentiate between OWASP staff and non-staff users. The role-based access control using the is_owasp_staff field happens after authentication in downstream components like DashboardWrapper and ProjectsWrapper, not during the login process itself.
Applied to files:
docs/index.mdREADME.md
📚 Learning: 2025-10-17T15:25:34.963Z
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2431
File: infrastructure/modules/cache/main.tf:30-30
Timestamp: 2025-10-17T15:25:34.963Z
Learning: The infrastructure/Terraform code in the OWASP Nest repository under the `infrastructure/` directory is intended for quick testing purposes only, not for production deployment.
Applied to files:
docs/index.mdREADME.md
📚 Learning: 2025-04-06T06:57:42.144Z
Learnt from: yashgoyal0110
Repo: OWASP/Nest PR: 0
File: :0-0
Timestamp: 2025-04-06T06:57:42.144Z
Learning: In the OWASP/Nest project, type annotations have been added to Python functions using the -> notation to specify return types (e.g., -> None, -> str) and parameter typing.
Applied to files:
docs/index.mdREADME.md
📚 Learning: 2025-06-18T20:00:23.899Z
Learnt from: Rajgupta36
Repo: OWASP/Nest PR: 1634
File: frontend/src/app/api/auth/[...nextauth]/route.ts:30-55
Timestamp: 2025-06-18T20:00:23.899Z
Learning: The OWASP Nest application has logging disabled, so avoid suggesting console.log, console.error, or any other logging statements in code review suggestions.
Applied to files:
docs/index.mdREADME.md
📚 Learning: 2025-07-08T17:07:50.988Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1714
File: frontend/src/components/ProjectTypeDashboardCard.tsx:8-12
Timestamp: 2025-07-08T17:07:50.988Z
Learning: In the OWASP/Nest project, union types for component props are not necessary when they would require creating separate type definitions. The project prefers inline prop type definitions even for props with specific string values, maintaining consistency with the single-use component prop pattern.
Applied to files:
docs/index.mdfrontend/src/utils/aboutData.tsREADME.md
📚 Learning: 2025-07-08T16:25:39.325Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1714
File: frontend/__tests__/unit/data/mockProjectsDashboardOverviewData.ts:12-14
Timestamp: 2025-07-08T16:25:39.325Z
Learning: In the OWASP Nest project, exact mathematical accuracy in mock data is not required. Mock data values can be simplified or rounded for testing purposes, as the focus is on testing functionality rather than precise calculations.
Applied to files:
docs/index.md
📚 Learning: 2025-07-03T03:47:05.436Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1675
File: backend/apps/owasp/graphql/queries/project_health_metrics.py:13-21
Timestamp: 2025-07-03T03:47:05.436Z
Learning: The OWASP Nest project does not use async operations anywhere in the codebase and doesn't have the required database driver for async operations. All database methods and GraphQL resolvers should remain synchronous to maintain consistency with the existing architecture.
Applied to files:
docs/index.md
📚 Learning: 2025-07-16T13:49:58.648Z
Learnt from: Rajgupta36
Repo: OWASP/Nest PR: 1717
File: backend/apps/mentorship/graphql/mutations/module.py:28-29
Timestamp: 2025-07-16T13:49:58.648Z
Learning: In the OWASP Nest mentorship system, mentors can be created with only github_user initially (without nest_user) when assigned to modules. This allows mentors to be assigned before they've signed into the system. When these users eventually sign in, the nest_user is automatically linked to the existing github_user, creating a complete mentor profile. This design provides flexibility in mentor assignment workflows.
Applied to files:
docs/index.mdREADME.md
📚 Learning: 2025-09-17T02:42:41.928Z
Learnt from: Rajgupta36
Repo: OWASP/Nest PR: 2288
File: frontend/src/components/ActionButton.tsx:0-0
Timestamp: 2025-09-17T02:42:41.928Z
Learning: In frontend/src/components/ActionButton.tsx, the user Rajgupta36 intentionally changed text-blue-600 to text-[#1D7BD7] to align the text color with the border color (#1D7BD7) for visual consistency, prioritizing design alignment over theme tokens.
Applied to files:
frontend/src/components/SponsorCard.tsxfrontend/src/app/page.tsx
📚 Learning: 2026-01-01T18:57:05.007Z
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2948
File: backend/apps/owasp/video.py:189-215
Timestamp: 2026-01-01T18:57:05.007Z
Learning: In the OWASP backend area, maintain the established pattern: when dealing with sponsors, include all entries from Sponsor.objects.all() (including NOT_SPONSOR) and perform in-memory sorting using the same criteria/pattern used by the GraphQL sponsor query implemented in backend/apps/owasp/api/internal/queries/sponsor.py. Apply this behavior consistently to files in backend/apps/owasp (not just video.py), and ensure code paths that render sponsor lists follow this in-code sorting approach rather than pre-filtering NOT_SPONSOR entries before sorting.
Applied to files:
backend/apps/owasp/models/chapter.pybackend/apps/owasp/api/internal/nodes/chapter.pybackend/apps/owasp/migrations/0068_alter_chapter_contribution_stats_and_more.pybackend/apps/owasp/migrations/0066_chapter_contribution_data_project_contribution_data.pybackend/apps/owasp/api/internal/nodes/project.pybackend/apps/owasp/migrations/0069_alter_project_contribution_data_and_more.pybackend/apps/owasp/models/project.pybackend/apps/owasp/management/commands/owasp_aggregate_contributions.pybackend/apps/owasp/migrations/0067_chapter_contribution_stats_and_more.py
📚 Learning: 2025-07-12T17:36:57.255Z
Learnt from: Rajgupta36
Repo: OWASP/Nest PR: 1717
File: frontend/__tests__/unit/pages/createProgram.test.tsx:70-86
Timestamp: 2025-07-12T17:36:57.255Z
Learning: When testing React page components that use mocked form components, validation logic should be tested at the form component level, not the page level. Page-level tests should focus on authentication, role checking, submission handling, and navigation logic.
Applied to files:
frontend/__tests__/unit/components/ContributionStats.test.tsxfrontend/__tests__/unit/components/CardDetailsPage.test.tsxfrontend/__tests__/unit/components/ContributionHeatmap.test.tsx
📚 Learning: 2025-07-03T03:08:03.290Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1703
File: frontend/src/components/BarChart.tsx:33-46
Timestamp: 2025-07-03T03:08:03.290Z
Learning: In the OWASP Nest project's BarChart component (frontend/src/components/BarChart.tsx), the days and requirements arrays are guaranteed to always have the same length in their use cases, so input validation for array length matching is not needed.
Applied to files:
frontend/__tests__/unit/components/ContributionStats.test.tsxfrontend/__tests__/unit/components/CardDetailsPage.test.tsxfrontend/__tests__/unit/components/ContributionHeatmap.test.tsxfrontend/src/components/ContributionHeatmap.tsx
📚 Learning: 2025-08-31T13:47:15.861Z
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2155
File: frontend/src/server/queries/programsQueries.ts:81-81
Timestamp: 2025-08-31T13:47:15.861Z
Learning: In frontend/src/server/queries/programsQueries.ts, GET_PROGRAM_DETAILS and GET_PROGRAM_ADMIN_DETAILS are two separate queries serving different purposes: GET_PROGRAM_DETAILS fetches comprehensive program information while GET_PROGRAM_ADMIN_DETAILS fetches only admin-related details. These queries cannot be removed or merged as they serve different use cases in the application.
Applied to files:
frontend/src/server/queries/chapterQueries.tsfrontend/src/server/queries/projectQueries.ts
📚 Learning: 2025-08-31T13:47:15.861Z
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2155
File: frontend/src/server/queries/programsQueries.ts:81-81
Timestamp: 2025-08-31T13:47:15.861Z
Learning: In frontend/src/server/queries/programsQueries.ts, GET_PROGRAM_DETAILS and GET_PROGRAM_ADMIN_DETAILS are two separate queries serving different purposes: GET_PROGRAM_DETAILS fetches comprehensive program information while GET_PROGRAM_ADMIN_DETAILS fetches only admin-related details.
Applied to files:
frontend/src/server/queries/chapterQueries.tsfrontend/src/server/queries/projectQueries.ts
📚 Learning: 2025-07-11T15:57:56.648Z
Learnt from: Rajgupta36
Repo: OWASP/Nest PR: 1717
File: backend/apps/mentorship/graphql/queries/module.py:39-50
Timestamp: 2025-07-11T15:57:56.648Z
Learning: In the OWASP Nest mentorship GraphQL queries, Strawberry GraphQL automatically converts between Django Module instances and ModuleNode types, so methods can return Module instances directly without manual conversion even when typed as ModuleNode.
Applied to files:
backend/apps/owasp/api/internal/nodes/chapter.pybackend/apps/owasp/api/internal/nodes/project.py
📚 Learning: 2025-07-13T05:55:46.436Z
Learnt from: Rajgupta36
Repo: OWASP/Nest PR: 1717
File: backend/apps/mentorship/graphql/mutations/program.py:166-166
Timestamp: 2025-07-13T05:55:46.436Z
Learning: In the OWASP Nest mentorship GraphQL mutations, Strawberry GraphQL automatically converts between Django Program instances and ProgramNode types, so mutations can return Program instances directly without manual conversion even when typed as ProgramNode, similar to the Module/ModuleNode pattern.
Applied to files:
backend/apps/owasp/api/internal/nodes/chapter.pybackend/apps/owasp/api/internal/nodes/project.py
📚 Learning: 2025-04-04T05:23:43.562Z
Learnt from: M-ayank2005
Repo: OWASP/Nest PR: 1282
File: frontend/src/pages/About.tsx:94-98
Timestamp: 2025-04-04T05:23:43.562Z
Learning: In the OWASP/Nest frontend project, DOMPurify is used to sanitize HTML content before rendering it with dangerouslySetInnerHTML, following security best practices to prevent XSS vulnerabilities.
Applied to files:
README.md
📚 Learning: 2025-06-30T00:55:03.133Z
Learnt from: kasya
Repo: OWASP/Nest PR: 1680
File: frontend/src/components/SponsorCard.tsx:3-3
Timestamp: 2025-06-30T00:55:03.133Z
Learning: In the OWASP/Nest project, interfaces or types are not created for component props that are used only once. Inline prop type definitions are preferred for single-use cases.
Applied to files:
README.md
📚 Learning: 2025-12-26T06:57:30.908Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1139
File: docker-compose/fuzz.yaml:70-83
Timestamp: 2025-12-26T06:57:30.908Z
Learning: In the fuzz testing environment (docker-compose/fuzz.yaml), the data-loader and graphql services are orchestrated in separate phases via the Makefile's test-fuzz target, not run simultaneously. The data is loaded to completion first, then the graphql fuzzer is started separately against the populated database. The docker-compose dependencies reflect runtime health checks rather than orchestration order.
Applied to files:
.github/workflows/run-ci-cd.yamldocker-compose/fuzz/compose.yaml
📚 Learning: 2025-06-20T16:12:59.256Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1633
File: frontend/src/components/HealthMetrics.tsx:30-30
Timestamp: 2025-06-20T16:12:59.256Z
Learning: In the DetailsCard component (frontend/src/components/CardDetailsPage.tsx), there's a length check before rendering HealthMetrics: `healthMetricsData.length > 0`. This ensures that when HealthMetrics is rendered, the data array has at least one element, making accessing data[0] safe within the HealthMetrics component.
Applied to files:
frontend/__tests__/unit/components/CardDetailsPage.test.tsxfrontend/src/components/CardDetailsPage.tsxfrontend/src/types/card.ts
📚 Learning: 2025-06-20T16:12:59.256Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1633
File: frontend/src/components/HealthMetrics.tsx:30-30
Timestamp: 2025-06-20T16:12:59.256Z
Learning: In the DetailsCard component (frontend/src/components/CardDetailsPage.tsx), there's a safety check that ensures HealthMetrics component is only rendered when healthMetricsData exists and has at least one element: `healthMetricsData && healthMetricsData.length > 0`. This makes accessing data[0] safe within the HealthMetrics component.
Applied to files:
frontend/__tests__/unit/components/CardDetailsPage.test.tsxfrontend/src/components/CardDetailsPage.tsxfrontend/src/types/card.ts
📚 Learning: 2025-11-17T17:30:42.139Z
Learnt from: anurag2787
Repo: OWASP/Nest PR: 2671
File: frontend/__tests__/unit/components/MultiSearch.test.tsx:169-171
Timestamp: 2025-11-17T17:30:42.139Z
Learning: In the OWASP/Nest frontend tests (PR #2671 context), wrapper functions like `expectChaptersCountEqualsThree` that simply call another helper with a fixed parameter (e.g., `expectChaptersCountEquals(3)`) are intentionally used to avoid arrow function callbacks in `waitFor` calls. This pattern prevents adding nesting depth that would trigger rule typescript:S2004. Example: `await waitFor(expectChaptersCountEqualsThree)` avoids the extra nesting from `await waitFor(() => expectChaptersCountEquals(3))`.
Applied to files:
frontend/__tests__/unit/components/CardDetailsPage.test.tsxfrontend/__tests__/unit/components/ContributionHeatmap.test.tsx
📚 Learning: 2025-11-17T16:47:05.578Z
Learnt from: anurag2787
Repo: OWASP/Nest PR: 2671
File: frontend/__tests__/unit/components/MultiSearch.test.tsx:427-427
Timestamp: 2025-11-17T16:47:05.578Z
Learning: In the frontend test files for the OWASP/Nest repository, `expect(true).toBe(true)` no-op assertions may be intentionally added as workarounds when ESLint rule jest/expect-expect doesn't detect expectations inside helper functions or waitFor callbacks. These can be resolved by configuring the ESLint rule's assertFunctionNames option to recognize custom assertion helpers instead of flagging them as redundant.
Applied to files:
frontend/__tests__/unit/components/CardDetailsPage.test.tsxfrontend/__tests__/unit/components/ContributionHeatmap.test.tsx
📚 Learning: 2025-06-21T12:21:32.372Z
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 1633
File: frontend/src/components/GradientRadialChart.tsx:67-116
Timestamp: 2025-06-21T12:21:32.372Z
Learning: The react-apexcharts Chart component does not support ARIA attributes like aria-label and role as direct props. To add accessibility attributes to ApexCharts in React, wrap the Chart component in a container div with the appropriate ARIA attributes.
Applied to files:
frontend/__tests__/unit/components/ContributionHeatmap.test.tsxfrontend/src/components/ContributionHeatmap.tsx
📚 Learning: 2025-12-18T05:39:42.678Z
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2948
File: backend/apps/owasp/management/commands/owasp_generate_community_snapshot_video.py:40-40
Timestamp: 2025-12-18T05:39:42.678Z
Learning: In Django management commands, prefer using self.stdout.write(...) over print(...) for user-facing stdout output. This aligns with Django conventions and improves testability. When emitting messages, consider using self.stdout.write and, for styled messages, use self.style.SUCCESS/ERROR as appropriate to maintain consistent command output formatting. Apply this guideline to all Python files within any project's management/commands directory.
Applied to files:
backend/apps/owasp/management/commands/owasp_aggregate_contributions.pybackend/tests/apps/owasp/management/commands/owasp_aggregate_contributions_test.py
📚 Learning: 2025-11-23T11:37:26.253Z
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2606
File: backend/apps/api/rest/v0/project.py:43-48
Timestamp: 2025-11-23T11:37:26.253Z
Learning: In the OWASP Nest backend, `entity_leaders` is a `property` method defined in `RepositoryBasedEntityModel` (backend/apps/owasp/models/common.py) that returns a dynamically constructed QuerySet. It cannot be prefetched using standard `prefetch_related()` because Django's prefetch mechanism only works on model fields and relations, not property methods.
Applied to files:
backend/apps/api/rest/v0/project.py
📚 Learning: 2025-08-31T13:47:15.861Z
Learnt from: rudransh-shrivastava
Repo: OWASP/Nest PR: 2155
File: frontend/src/server/queries/programsQueries.ts:81-81
Timestamp: 2025-08-31T13:47:15.861Z
Learning: In frontend/src/server/queries/programsQueries.ts, GET_PROGRAM_DETAILS is actively used in frontend/src/app/my/mentorship/programs/[programKey]/edit/page.tsx for program editing functionality and cannot be removed. It serves a different purpose than GET_PROGRAM_ADMIN_DETAILS, providing comprehensive program information needed for editing.
Applied to files:
frontend/src/server/queries/projectQueries.ts
🧬 Code graph analysis (22)
backend/tests/apps/api/rest/v0/project_test.py (2)
backend/apps/api/rest/v0/project.py (1)
ProjectDetail(40-52)backend/apps/owasp/api/internal/nodes/common.py (1)
leaders(19-21)
backend/apps/owasp/models/chapter.py (2)
backend/apps/owasp/api/internal/nodes/chapter.py (1)
contribution_stats(37-39)backend/apps/owasp/api/internal/nodes/project.py (1)
contribution_stats(45-47)
frontend/__tests__/unit/components/ContributionStats.test.tsx (2)
frontend/src/components/ContributionStats.tsx (1)
ContributionStats(9-64)frontend/src/utils/contributionDataUtils.ts (1)
ContributionStats(1-7)
frontend/src/utils/contributionDataUtils.ts (1)
frontend/src/components/ContributionStats.tsx (1)
ContributionStats(9-64)
backend/apps/owasp/api/internal/nodes/chapter.py (2)
backend/apps/core/utils/index.py (1)
deep_camelize(54-76)backend/apps/owasp/api/internal/nodes/project.py (1)
contribution_stats(45-47)
frontend/src/components/ContributionStats.tsx (1)
frontend/src/utils/contributionDataUtils.ts (1)
ContributionStats(1-7)
backend/tests/apps/owasp/api/internal/nodes/chapter_test.py (2)
backend/apps/owasp/api/internal/nodes/chapter.py (2)
ChapterNode(33-63)contribution_stats(37-39)backend/apps/owasp/api/internal/nodes/project.py (1)
contribution_stats(45-47)
backend/apps/owasp/migrations/0068_alter_chapter_contribution_stats_and_more.py (3)
backend/apps/owasp/migrations/0066_chapter_contribution_data_project_contribution_data.py (1)
Migration(6-32)backend/apps/owasp/migrations/0067_chapter_contribution_stats_and_more.py (1)
Migration(6-32)backend/apps/owasp/migrations/0069_alter_project_contribution_data_and_more.py (1)
Migration(6-34)
frontend/src/app/projects/[projectKey]/page.tsx (2)
frontend/src/utils/dateFormatter.ts (1)
getDateRange(104-122)frontend/src/utils/contributionDataUtils.ts (1)
getContributionStats(9-28)
backend/apps/owasp/api/internal/nodes/project.py (2)
backend/apps/core/utils/index.py (1)
deep_camelize(54-76)backend/apps/owasp/api/internal/nodes/chapter.py (1)
contribution_stats(37-39)
backend/apps/owasp/models/project.py (2)
backend/apps/owasp/api/internal/nodes/chapter.py (1)
contribution_stats(37-39)backend/apps/owasp/api/internal/nodes/project.py (1)
contribution_stats(45-47)
frontend/src/app/page.tsx (1)
frontend/src/utils/dateFormatter.ts (1)
formatDateRange(22-61)
backend/apps/owasp/management/commands/owasp_aggregate_contributions.py (3)
backend/apps/github/models/commit.py (1)
Commit(11-110)backend/apps/owasp/models/chapter.py (2)
Chapter(20-234)bulk_save(198-209)backend/apps/owasp/models/project.py (2)
Project(36-401)bulk_save(368-376)
frontend/src/app/chapters/[chapterKey]/page.tsx (2)
frontend/src/utils/dateFormatter.ts (1)
getDateRange(104-122)frontend/src/utils/contributionDataUtils.ts (1)
getContributionStats(9-28)
frontend/src/components/CardDetailsPage.tsx (2)
frontend/src/components/ContributionStats.tsx (1)
ContributionStats(9-64)frontend/src/utils/contributionDataUtils.ts (1)
ContributionStats(1-7)
frontend/src/types/card.ts (2)
frontend/src/utils/contributionDataUtils.ts (1)
ContributionStats(1-7)frontend/src/components/CardDetailsPage.tsx (1)
CardType(41-49)
backend/tests/apps/api/rest/v0/chapter_test.py (3)
backend/apps/github/models/repository.py (1)
nest_key(152-154)backend/apps/owasp/api/internal/queries/chapter.py (1)
chapter(14-19)backend/apps/owasp/api/internal/nodes/common.py (1)
leaders(19-21)
backend/apps/api/rest/v0/project.py (3)
backend/apps/api/rest/v0/common.py (1)
Leader(6-10)backend/apps/owasp/api/internal/nodes/common.py (1)
leaders(19-21)backend/apps/api/rest/v0/chapter.py (1)
resolve_leaders(48-53)
backend/apps/core/utils/index.py (1)
backend/apps/common/utils.py (1)
convert_to_camel_case(21-38)
backend/apps/owasp/migrations/0067_chapter_contribution_stats_and_more.py (3)
backend/apps/owasp/migrations/0066_chapter_contribution_data_project_contribution_data.py (1)
Migration(6-32)backend/apps/owasp/migrations/0068_alter_chapter_contribution_stats_and_more.py (1)
Migration(6-32)backend/apps/owasp/migrations/0069_alter_project_contribution_data_and_more.py (1)
Migration(6-34)
backend/apps/api/rest/v0/chapter.py (3)
backend/apps/api/rest/v0/common.py (1)
Leader(6-10)backend/apps/owasp/api/internal/nodes/common.py (1)
leaders(19-21)backend/apps/api/rest/v0/project.py (1)
resolve_leaders(47-52)
frontend/src/components/ContributionHeatmap.tsx (1)
frontend/src/utils/pluralize.ts (1)
pluralize(1-4)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
- GitHub Check: Run frontend e2e tests
- GitHub Check: Run backend tests
- GitHub Check: Run fuzz tests
- GitHub Check: Run frontend unit tests
| type=gha,compression=zstd | ||
| context: backend | ||
| file: backend/docker/Dockerfile.test | ||
| file: docker/backend/Dockerfile.test |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# First, let's check the actual directory structure
echo "=== Docker directory structure ==="
find docker -type f -name 'Dockerfile*' 2>/dev/null | sort || echo "No docker directory found"
echo ""
echo "=== Checking for backend/docker directory ==="
find . -path './backend/docker/Dockerfile*' 2>/dev/null | head -20 || echo "No backend/docker Dockerfiles found"
echo ""
echo "=== Checking for frontend/docker directory ==="
find . -path './frontend/docker/Dockerfile*' 2>/dev/null | head -20 || echo "No frontend/docker Dockerfiles found"
echo ""
echo "=== Full directory tree (first 50 lines) ==="
fd -t d . --max-one-result 2>/dev/null | head -1 | xargs -I {} find {} -maxdepth 3 -type d | sort | head -50Repository: OWASP/Nest
Length of output: 536
🏁 Script executed:
#!/bin/bash
# Let's check the workflow file at the specified lines
echo "=== Checking run-ci-cd.yaml at specified lines ==="
if [ -f ".github/workflows/run-ci-cd.yaml" ]; then
echo "Lines 175:"
sed -n '173,177p' .github/workflows/run-ci-cd.yaml
echo ""
echo "Lines 209:"
sed -n '207,211p' .github/workflows/run-ci-cd.yaml
echo ""
echo "Lines 301:"
sed -n '299,303p' .github/workflows/run-ci-cd.yaml
echo ""
echo "Lines 409-410:"
sed -n '407,412p' .github/workflows/run-ci-cd.yaml
echo ""
echo "Lines 475:"
sed -n '473,477p' .github/workflows/run-ci-cd.yaml
echo ""
echo "Lines 523:"
sed -n '521,525p' .github/workflows/run-ci-cd.yaml
else
echo "Workflow file not found"
fiRepository: OWASP/Nest
Length of output: 1287
Fix context path inconsistency on line 409-410.
All Dockerfile paths have been correctly updated to the new structure and exist in the filesystem. However, line 409-410 has a context path inconsistency: it uses context: docker/backend while all other build jobs use context: backend or context: frontend. This should be context: backend to match the pattern.
🤖 Prompt for AI Agents
In @.github/workflows/run-ci-cd.yaml around line 175, The CI job uses an
inconsistent build context value; change the context key that currently reads
"context: docker/backend" to "context: backend" so it matches the other build
jobs (and the Dockerfile paths like "file: docker/backend/Dockerfile.test");
update the single occurrence of "context: docker/backend" in
.github/workflows/run-ci-cd.yaml to "context: backend".
Collaborator
Author
There was a problem hiding this comment.
It is working actually
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check the actual context around line 409-410 in the workflow file
echo "=== Checking lines 405-415 in run-ci-cd.yaml ==="
sed -n '405,415p' .github/workflows/run-ci-cd.yaml
echo ""
echo "=== Looking for all 'context:' occurrences in the file ==="
grep -n "context:" .github/workflows/run-ci-cd.yaml | head -20
Length of output: 738
@ahmedxgouda, understood! If the build is working correctly with context: docker/backend on line 409, then the configuration is valid. Thank you for confirming – I'll defer to your experience with the working setup.
🧠 Learnings used
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 2429
File: backend/Makefile:30-32
Timestamp: 2025-10-26T12:50:50.512Z
Learning: The `exec-backend-e2e-command` and `exec-db-e2e-command` Makefile targets in the backend/Makefile are intended for local development and debugging only, not for CI/CD execution, so the `-it` flags are appropriate.
Learnt from: ahmedxgouda
Repo: OWASP/Nest PR: 3041
File: .github/workflows/run-ci-cd.yaml:233-243
Timestamp: 2025-12-26T06:09:08.868Z
Learning: For the OWASP/Nest repository, Redis image versions should remain consistent across all environments (production, staging, local, E2E, and CI/CD E2E tests). When upgrading Redis, update all docker-compose files and CI/CD workflow configurations together to maintain environment parity.
Comment on lines
+768
to
+791
| run-staging-zap-baseline-scan: | ||
| name: Run ZAP Baseline Scan | ||
| needs: | ||
| - deploy-staging-nest-proxy | ||
| permissions: | ||
| contents: read | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Run ZAP Baseline Scan | ||
| uses: zaproxy/action-baseline@de8ad967d3548d44ef623df22cf95c3b0baf8b25 | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| target: 'https://nest.owasp.dev' | ||
| allow_issue_writing: false | ||
| fail_action: false | ||
| cmd_options: '-a -r zap-report.html' | ||
|
|
||
| - name: Upload ZAP report | ||
| if: always() | ||
| uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f | ||
| with: | ||
| name: zap-baseline-scan-report-${{ github.run_id }} | ||
| path: zap-report.html | ||
|
|
Contributor
There was a problem hiding this comment.
Artifact naming collision risk between staging and production ZAP scans.
Both run-staging-zap-baseline-scan (line 789) and run-production-zap-baseline-scan (line 1130) use the same artifact name pattern zap-baseline-scan-report-${{ github.run_id }}. If both jobs somehow run in the same workflow execution, the second upload would overwrite the first. Consider adding an environment suffix to differentiate them.
🔎 Proposed fix
# Staging job (line 789)
- name: zap-baseline-scan-report-${{ github.run_id }}
+ name: zap-baseline-scan-report-staging-${{ github.run_id }}
# Production job (line 1130)
- name: zap-baseline-scan-report-${{ github.run_id }}
+ name: zap-baseline-scan-report-production-${{ github.run_id }}Also applies to: 1109-1131
🤖 Prompt for AI Agents
In @.github/workflows/run-ci-cd.yaml around lines 768-791, The artifact name for
ZAP reports is identical for both run-staging-zap-baseline-scan and
run-production-zap-baseline-scan which can cause one upload to overwrite the
other; update the Upload ZAP report step in both jobs to append an
environment-specific suffix (e.g., -staging or -production) to the artifact name
(currently "zap-baseline-scan-report-${{ github.run_id }}") and likewise
differentiate the report file path/name (e.g., zap-report-staging.html) so both
artifacts are uniquely named and cannot collide.
Comment on lines
+475
to
+549
| The following diagram illustrates the complete contribution workflow: | ||
|
|
||
| ```mermaid | ||
| flowchart TD | ||
| Start([Start]) --> CreateIssue[Create New Issue] | ||
| Start --> FindIssue[Find Existing Issue] | ||
| CreateIssue --> GetAssigned["**Get Assigned to Issue**<br/>PRs will be automatically<br/>closed if you're not assigned"] | ||
| FindIssue --> GetAssigned | ||
| GetAssigned --> ResolveIssue[**Resolve Issue**<br/>work on code/docs/tests updates] | ||
| ResolveIssue --> RunChecks{**Run `make check-test`**<br/>locally! This is a required step -- you will not be assigned to new issues if you ignore this} | ||
| RunChecks -->|Fails| WP1[ ] | ||
| RunChecks -->|Passes| PushChanges[**Push Changes to<br/>GitHub Fork Branch**] | ||
| WP1 -.-> ResolveIssue | ||
| PushChanges --> HasPR{PR Exists?} | ||
| HasPR -->|No| CreateDraftPR[Create Draft PR] | ||
| HasPR -->|Yes| WaitAutoChecks[**Wait for Automated<br/>Checks to Finish**] | ||
| CreateDraftPR --> WaitAutoChecks | ||
| WaitAutoChecks --> CheckAutoTools{All **CodeRabbit and <br/>SonarQube** Comments<br/>Resolved?} | ||
| CheckAutoTools -->|No| MarkDraft[Make Sure PR Is **Marked as a Draft**] | ||
| CheckAutoTools -->|Yes| MarkReady[Mark PR as Ready<br/>for Review] | ||
| MarkDraft --> WP2[ ] | ||
| WP2 -.-> ResolveIssue | ||
| MarkReady --> RequestReview[Request Review from<br/>Project Maintainers] | ||
| RequestReview --> WaitMaintainer[Wait for Maintainers'<br/>Comments] | ||
| WaitMaintainer --> HasMaintainerComments{**Maintainers' Comments<br/>Resolved**?} | ||
| HasMaintainerComments -->|No| MarkDraft | ||
| HasMaintainerComments -->|Yes| CheckCI{**CI/CD<br/>Passing?**} | ||
| CheckCI -->|Yes| ReadyMerge([PR Ready for Merge]) | ||
| CheckCI -->|No| MarkDraft | ||
| style Start fill:#4caf50,stroke:#2e7d32,stroke-width:2px,color:#ffffff | ||
| style ReadyMerge fill:#4caf50,stroke:#2e7d32,stroke-width:2px,color:#ffffff | ||
| style ResolveIssue fill:#ff9800,stroke:#f57c00,stroke-width:2px,color:#000000 | ||
| style RunChecks fill:#2196f3,stroke:#1565c0,stroke-width:2px,color:#ffffff | ||
| style CheckAutoTools fill:#2196f3,stroke:#1565c0,stroke-width:2px,color:#ffffff | ||
| style HasMaintainerComments fill:#2196f3,stroke:#1565c0,stroke-width:2px,color:#ffffff | ||
| style CheckCI fill:#2196f3,stroke:#1565c0,stroke-width:2px,color:#ffffff | ||
| style MarkDraft fill:#ff9800,stroke:#f57c00,stroke-width:2px,color:#000000 | ||
| style MarkReady fill:#4caf50,stroke:#2e7d32,stroke-width:2px,color:#ffffff | ||
| style CreateDraftPR fill:#ff9800,stroke:#f57c00,stroke-width:2px,color:#000000 | ||
| style WP1 fill:transparent,stroke:transparent,color:transparent,width:0px,height:0px | ||
| style WP2 fill:transparent,stroke:transparent,color:transparent,width:0px,height:0px | ||
| linkStyle 0 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 1 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 2 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 3 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 4 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 5 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 6 stroke:#f44336,stroke-width:2px | ||
| linkStyle 7 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 8 stroke:#f44336,stroke-width:2px | ||
| linkStyle 9 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 10 stroke:#9e9e9e,stroke-width:2px | ||
| linkStyle 11 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 12 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 13 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 14 stroke:#f44336,stroke-width:2px | ||
| linkStyle 15 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 16 stroke:#f44336,stroke-width:2px | ||
| linkStyle 17 stroke:#f44336,stroke-width:2px | ||
| linkStyle 18 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 19 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 20 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 21 stroke:#f44336,stroke-width:2px | ||
| linkStyle 22 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 23 stroke:#4caf50,stroke-width:2px | ||
| linkStyle 24 stroke:#f44336,stroke-width:2px | ||
| ``` |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
# Find all workflow files and check for PR closure/assignment logic
find .github/workflows -type f \( -name "*.yml" -o -name "*.yaml" \) 2>/dev/null | head -20Repository: OWASP/Nest
Length of output: 341
🏁 Script executed:
# Check repository structure
ls -la .github/ 2>/dev/null || echo "No .github directory found"Repository: OWASP/Nest
Length of output: 675
🏁 Script executed:
# Search for any automation rules about assignment and PR closure
rg "assignee|assigned|auto.*close|close.*pull" --type yaml --type yml -i 2>/dev/null | head -30Repository: OWASP/Nest
Length of output: 36
🏁 Script executed:
# Look for make check-test definition
rg "check-test|check_test" --type makefile --type shell -A 3 2>/dev/null | head -30Repository: OWASP/Nest
Length of output: 36
🏁 Script executed:
# Examine the check-pr-issue workflow
cat .github/workflows/check-pr-issue.yamlRepository: OWASP/Nest
Length of output: 1015
🏁 Script executed:
# Examine run-ci-cd workflow
cat .github/workflows/run-ci-cd.yamlRepository: OWASP/Nest
Length of output: 40127
🏁 Script executed:
# Search CONTRIBUTING.md for "assign" and "close" references
rg "assign|close" CONTRIBUTING.md -i -B 2 -A 2Repository: OWASP/Nest
Length of output: 1064
🏁 Script executed:
# Look for Makefile and check-test target
find . -name "Makefile" -o -name "makefile" 2>/dev/null | xargs grep -l "check-test" 2>/dev/null || echo "No make check-test found"Repository: OWASP/Nest
Length of output: 64
🏁 Script executed:
# Check Makefile for check-test target
rg "check-test|check_test" Makefile -A 5 -B 2Repository: OWASP/Nest
Length of output: 236
🏁 Script executed:
# Get full CONTRIBUTING.md to review assignment policy thoroughly
wc -l CONTRIBUTING.md && cat -n CONTRIBUTING.md | grep -A 20 -B 5 "assigned\|assignment" -iRepository: OWASP/Nest
Length of output: 1733
First policy statement is accurate; second policy requires clarification.
The diagram's first policy—"PRs will be automatically closed if you're not assigned"—is correctly enforced via the check-pr-issue workflow, which closes PRs that lack a linked issue assigned to the author.
However, the second policy statement—"you will not be assigned to new issues if you ignore this" (regarding make check-test)—is overstated. The check-pr-issue workflow only validates assignee and issue reference requirements; there is no automation that prevents assignment to new issues based on local make check-test compliance. The workflow descriptions show that make check-test (combining pre-commit and test targets) is required for CI/CD to pass on submitted PRs, not for eligibility to be assigned.
Revise line 485 to clarify that make check-test is a required step before pushing to avoid CI/CD failures, rather than a prerequisite for assignment.
🤖 Prompt for AI Agents
In @CONTRIBUTING.md around lines 475-549, The policy sentence that reads "you
will not be assigned to new issues if you ignore this" (the text next to the
RunChecks node referencing `make check-test`) is misleading; edit that diagram
text so it instead states that running `make check-test` locally is required to
help ensure CI/CD passes and avoid automated CI failures on submitted PRs, not a
condition for being assigned to issues—keep the `make check-test` emphasis but
replace the assignment restriction wording with a clarification about preventing
CI/CD failures.
| COPY apps apps | ||
| COPY docker/entrypoint.sh entrypoint.sh | ||
| COPY manage.py wsgi.py ./ | ||
| COPY entrypoint.sh manage.py wsgi.py ./ |
Contributor
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify entrypoint.sh exists at repository root and check for any remaining references
# Check if entrypoint.sh exists at root
if [ -f "entrypoint.sh" ]; then
echo "✓ entrypoint.sh found at repository root"
ls -la entrypoint.sh
else
echo "✗ entrypoint.sh NOT found at repository root"
fi
echo ""
echo "Checking for references to docker/entrypoint.sh:"
rg -n "docker/entrypoint\.sh" || echo "No references found"
echo ""
echo "Checking Dockerfile for COPY command:"
rg -n "COPY.*entrypoint" docker/backend/Dockerfile || echo "Pattern not found"Repository: OWASP/Nest
Length of output: 250
🏁 Script executed:
#!/bin/bash
# Find entrypoint.sh in the repository
echo "Searching for entrypoint.sh:"
find . -name "entrypoint.sh" -type f 2>/dev/null
echo ""
echo "Also checking docker directory structure:"
ls -la docker/backend/ | head -20Repository: OWASP/Nest
Length of output: 585
🏁 Script executed:
#!/bin/bash
# Find manage.py and wsgi.py
echo "Locating manage.py:"
find . -name "manage.py" -type f 2>/dev/null
echo ""
echo "Locating wsgi.py:"
find . -name "wsgi.py" -type f 2>/dev/null
echo ""
echo "Checking current Dockerfile for context (around line 39):"
sed -n '35,45p' docker/backend/DockerfileRepository: OWASP/Nest
Length of output: 484
🏁 Script executed:
#!/bin/bash
# Check where apps, settings, static, templates are located
for dir in apps settings static templates; do
if [ -d "backend/$dir" ]; then
echo "✓ Found backend/$dir"
elif [ -d "$dir" ]; then
echo "✓ Found $dir at root"
else
echo "✗ $dir not found"
fi
doneRepository: OWASP/Nest
Length of output: 148
Fix COPY command: entrypoint.sh, manage.py, and wsgi.py are in backend/ directory.
Line 39 references entrypoint.sh, manage.py, and wsgi.py without the backend/ prefix, but these files are located at backend/entrypoint.sh, backend/manage.py, and backend/wsgi.py. The Docker build will fail with "file not found" errors.
Update line 39 to:
COPY backend/entrypoint.sh backend/manage.py backend/wsgi.py ./
🤖 Prompt for AI Agents
In @docker/backend/Dockerfile around line 39, The COPY instruction in the
Dockerfile currently lists entrypoint.sh, manage.py, and wsgi.py without their
directory prefix; update the COPY command that references those three filenames
so each source includes the backend/ prefix (i.e., copy backend/entrypoint.sh,
backend/manage.py and backend/wsgi.py into the image) to avoid "file not found"
errors during docker build.
arkid15r
approved these changes
Jan 5, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed change
Resolves #(put the issue number here)
Add the PR description here.
Checklist
make check-testlocally and all tests passed