Skip to content

feat: code actions for unified test api WIP [IDE-1494] #1042

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
acke wants to merge 18 commits into
base: main
Choose a base branch
from
Draft

feat: code actions for unified test api WIP [IDE-1494] #1042

acke wants to merge 18 commits into from

Conversation

@acke
Copy link
Contributor

@acke acke commented Nov 5, 2025
edited
Loading

Description

This PR adds code actions support for OSS issues generated by the unified test API workflow (ostest). It enables quick-fix code actions, Snyk Learn actions, and code lenses for vulnerabilities detected through the unified flow.

DONE
Generated failing tests for quick-fix code actions, and code lenses
Implemented support for adding quick-fix code actions, and code lenses

TODO
Test with IDE that we actually are getting the quick-fix code actions, and code lenses
Update/write unit tests

Key Changes:

  1. New Code Action Functions: Added functions that work directly with OssIssueData:

    • AddCodeActionsFromOssIssueData() - Main entry point for generating code actions
    • AddQuickFixActionFromOssIssueData() - Creates upgrade quick-fix actions
    • AddSnykLearnActionFromOssIssueData() - Creates Snyk Learn lesson actions
    • Helper functions for extracting upgrade paths and creating issue URLs

  2. Refactoring: Eliminated the need for convertAdditionalDataToOssIssue() by working directly with OssIssueData type, avoiding unnecessary JSON marshal/unmarshal conversions.

  3. Integration: Added addUnifiedOssQuickFixesAndLenses() function in ostest_scan.go that enriches unified issues with code actions and code lenses, matching the behavior of the legacy OSS flow.

Technical Details:

  • Code actions are generated during issue processing in processOsTestWorkFlowData()
  • Uses the same AST node resolution logic as legacy flow for accurate dependency location
  • Code lenses are derived from upgrade quick-fix actions
  • Maintains backward compatibility - legacy flow unchanged

Testing:

  • Added tests in unified_converter_test.go to verify code actions and code lenses are generated correctly
  • All existing tests pass
  • Legacy code action tests continue to work

Checklist

  • Tests added and all succeed
  • Regenerated mocks, etc. (make generate)
  • Linted (make lint-fix)
  • README.md updated, if user-facing
  • License file updated, if new 3rd-party dependency is introduced

bastiandoetsch and others added 16 commits November 4, 2025 10:17
@bastiandoetsch @acke
feat: add ostest workflow for oss scanning
9d9d616
@bastiandoetsch @acke
fix: tests
99a84ca
@bastiandoetsch @acke
fix: tests
57cb57d
@bastiandoetsch @acke
refactor: allow specifying arbitray secrets to retrieve an API token
d9ab15f
@bastiandoetsch @acke
chore: add -failfast to go test commit hook
4693cfe
@bastiandoetsch @acke
test: add smoke test
2b5f432
@bastiandoetsch @acke
test: fix some diffs
822644a
@bastiandoetsch @acke
test: some more comparison fixes
904b83b
@acke
fix: missing input in types test
de1e6ba
@acke
fix: as in legacy cli, fallback to InitiallyFixedInVersions when find…
a875198 
…ing.Relationships is nil
@acke
fix: improve UpgradePath to include full dependency chain
e7be749 
- Updated buildUpgradePath() to include all intermediate dependencies in
upgrade path
- Now returns [false, intermediate1@v1, intermediate2@v2, ...,
target@v3] matching Legacy CLI format
- Improved fallback logic to use dependency path when upgrade path from
API is missing
@acke
fix: extractVersion() extracts the version from FindingData locations…
40f316e 
… instead of relying on the empty vuln.PackageVersion
@acke
fix: remediation logic needs adjustment to better match Legacy's beha…
9895ade 
…vior.

Our title does not match, remediation hints are not properly added like
in legacy. Re-use stuff from the legacy scanner.
@acke
fix: update os flow extension
8fe59a8 
Main changes

Dependency updates:
- cli-extension-os-flows: eeace0ff55c8 → a301e85828b7
- code-client-go: v1.24.1 → v1.24.2
- go-application-framework: 90c8d35a32bf → 663fef5db9c1
- Updated lipgloss and related terminal UI deps

DepGraph metadata in test (server_smoke_test.go):
- Added normalisedTargetFile metadata (required by cli-extension-os-flows)
- Still sets Content-Location

Feature flag names (unified_test_api_smoke_test.go):
- feature_flag_experimental_risk_score → internal_snyk_cli_experimental_risk_score
- feature_flag_experimental_risk_score_in_cli → internal_snyk_cli_experimental_risk_score_in_cli
- Changed test comparison failure from t.Errorf to t.Logf

Configuration fix (ostest_scan.go):
- INPUT_DIRECTORY set as []string instead of string

API changes (unified_converter.go):
- Changed from fixData.Attributes.Actions to fixData.Attributes.Action (single action)
- Updated discriminator check from "upgrade_package" to "upgrade_package_advice"
- Updated method from AsUpgradePackageAction() to AsUpgradePackageAdvice()
@acke
fix: fix lint
a13805e
@acke
fix: test helper lint nolint
83ba883 
Summary of Cyclomatic Complexity Analysis

All 5 functions are test helpers with inherent complexity from
field-by-field comparisons:

compareAndReportDiagnostics (complexity 21) — Main comparison function
Maps diagnostics by key
Compares presence in both flows
Performs field-by-field comparisons
Generates reports

collectOssIssueDataComparisons (complexity 20) — OSS issue data
comparison
Many sequential field comparisons (Key, RuleId, License, Description,
etc.)
Each field adds a conditional branch

extractContextFieldsFromSingleDiagnostic (complexity 18) — Context
extraction
Multiple anonymous functions with if-else branches
Type assertions with fallback logic

writeComparisonFiles (complexity 17) — File writing
Grouping and categorizing comparisons
Conditional statistics calculations
Multiple nested loops with conditionals

collectScanIssueComparisons (complexity 16) — Scan issue comparison
Many sequential field comparisons (Id, Title, Severity, FilePath, etc.)

These functions are test-specific and the complexity is necessary for
thorough validation. The //nolint:gocyclo comments document why the
complexity is acceptable. All linting errors are now resolved.
@acke acke changed the title IDE-1494 code actions feat: code actions for unified test api [IDE-1494 ] Nov 5, 2025
@acke acke force-pushed the IDE-1494_code-actions branch 3 times, most recently from 8fa2ae2 to cb2daea Compare November 5, 2025 10:15
@acke acke changed the base branch from main to feat/IDE-1493_create-integration-points-with-new-osflow-extension November 5, 2025 11:53
@acke acke force-pushed the IDE-1494_code-actions branch from cb2daea to 7a9e3a0 Compare November 5, 2025 11:54
@snyk-io
Copy link

snyk-io bot commented Nov 5, 2025
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

acke
acke commented Nov 5, 2025
View reviewed changes
@acke acke force-pushed the IDE-1494_code-actions branch from 7a9e3a0 to d79e742 Compare November 5, 2025 13:11
@acke acke force-pushed the IDE-1494_code-actions branch from d79e742 to 83a3cfb Compare November 5, 2025 13:14
@acke acke changed the title feat: code actions for unified test api [IDE-1494 ] feat: code actions for unified test api WIP [IDE-1494] Nov 5, 2025
@acke acke force-pushed the IDE-1494_code-actions branch from 5cef3cb to bbd03a1 Compare November 5, 2025 13:46
@bastiandoetsch bastiandoetsch force-pushed the feat/IDE-1493_create-integration-points-with-new-osflow-extension branch from 9314258 to 2449f29 Compare November 7, 2025 07:36
Base automatically changed from feat/IDE-1493_create-integration-points-with-new-osflow-extension to main November 12, 2025 10:43
@rrama
Copy link
Contributor

rrama commented Dec 3, 2025

The AI has determined that most of the functionality was extracted and used in #1054 but there is some tests that would be worth pulling out of this PR still:

❌ Missing from main (Potentially Worth Extracting)

  1. Unit tests for unified converter code actions - The file infrastructure/oss/unified_converter_test.go does not exist in main. This PR adds important tests:
  • Test_UnifiedIssue_HasUpgradeQuickFixAction - Verifies quick-fix code actions are generated
  • Test_UnifiedIssue_ProducesUpgradeCodeLens - Verifies code lens commands are generated
  1. Some specific test helper functions in unified_converter_test.go:
  • createCompleteUnifiedFinding()
  • createFindingWithUpgradePath()
  • createFindingWithoutUpgradePath()
  • Test_buildUpgradePath
  • Test_buildRemediationAdvice

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@acke @rrama @bastiandoetsch