Refactor of issue and release GraphQL queries

[AbhayTopno]

Resolves #1229

• Refactor of issue GraphQL query
• Refactor of release GraphQL query
• Updated frontend query

[coderabbitai]

Summary by CodeRabbit

• New Features

  • Enhanced user activity views by displaying recent pull requests, issues, and releases with updated limits.
  • Added optional filtering by username for release listings.

• Refactor

  • Streamlined the presentation of user data by replacing legacy activity fields with refined recent activity fields.
  • Improved state management in the user details interface.

• Tests

  • Updated and added tests to align with the new data structure and ensure proper handling of missing user data.

Walkthrough

This pull request refactors the handling of issues and releases in the GitHub GraphQL API. It removes the IssueType and ReleaseType definitions and their associated fields/resolvers from the UserNode in favor of dedicated queries in separate files. The changes update default argument values, introduce an optional login parameter for filtering, and adjust related frontend queries, components, and tests to align with the updated data model. Test mocks and type definitions have been modified accordingly.

Changes

File(s)	Change Summary
backend/.../graphql/nodes/user.py, backend/.../tests/.../user_test.py, frontend/.../types/user.ts	Removed IssueType and ReleaseType classes from UserNode, deleted corresponding fields (issues, releases) and resolvers; updated tests and user type definition to reflect these removals.
backend/.../graphql/queries/issue.py, backend/.../graphql/queries/release.py, backend/.../graphql/queries/pull_request.py	Updated GraphQL queries by adjusting default limit values; made the limit parameter required for recent issues; added an optional login parameter for releases; revised method signatures accordingly.
frontend/.../api/queries/userQueries.ts, frontend/.../pages/UserDetails.tsx	Modified frontend GraphQL query and component state to replace deprecated issues and releases fields with recentIssues, recentPullRequests, and recentReleases including updated field limits.
frontend/__tests__/unit/data/mockUserDetails.ts, frontend/__tests__/unit/pages/UserDetails.test.tsx, frontend/__tests__/unit/pages/About.test.tsx	Updated mock data and test cases to align with the new recent activity data structure; added a new test in the About component for missing user data cases.

Assessment against linked issues

Objective	Addressed	Explanation
Refactor github/user issuer/releases GraphQL queries (#1229)	✅

Suggested reviewers

• kasya

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f7a4ba and 42f7580.

📒 Files selected for processing (3)

• backend/apps/github/graphql/queries/issue.py (1 hunks)
• backend/apps/github/graphql/queries/pull_request.py (1 hunks)
• frontend/src/api/queries/userQueries.ts (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• backend/apps/github/graphql/queries/issue.py
• frontend/src/api/queries/userQueries.ts

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: Run backend tests
• GitHub Check: Run frontend unit tests
• GitHub Check: Run frontend e2e tests
• GitHub Check: CodeQL (javascript-typescript)

🔇 Additional comments (1)

backend/apps/github/graphql/queries/pull_request.py (1)

16-16:

Details

❓ Verification inconclusive

Default limit value changed from 6 to 5.

This change aligns with the standardization of default limits across GraphQL queries (issues, releases, and pull requests) as part of the refactoring effort. This ensures a more consistent API behavior.

While this is a minor change, verify that any frontend components or tests relying on the previous default of 6 items have been updated accordingly to prevent unexpected behavior.

---

🏁 Script executed:

#!/bin/bash
# Check if there are any frontend components that might be expecting 6 items
echo "Searching for frontend components that might reference pull requests:"
rg -A 3 -B 3 "pull_?requests.*limit" --glob "frontend/**/*.(js|jsx|ts|tsx)"

echo "Checking for tests that might assume the previous default limit:"
rg -A 3 -B 3 "pull_?requests.*limit" --glob "**/*test*.(py|js|jsx|ts|tsx)"

Length of output: 740

---

Attention: Verify Frontend and Test Dependencies Manually

The default limit for pull requests has been updated from 6 to 5 in line with the standardization across GraphQL queries (issues, releases, and pull requests). Automated searches to detect whether any frontend components or tests assume a default limit of 6 did not return any matches—likely due to filtering issues with the search command. Therefore, please perform a manual verification to ensure that no parts of the codebase (especially in any custom or differently structured frontend areas) rely on the previous default value.

• Confirm that any frontend components handling pull request queries are not affected by the change.
• Check that tests expecting the old default limit have been updated accordingly, particularly if there are non-standard test setups.

✨ Finishing Touches

• 📝 Generate Docstrings

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

backend/apps/github/graphql/nodes/issue.py (1)

25-28: Consider if resolver method is necessary.

This resolver method simply returns the value of the attribute with the same name. GraphQL's default resolver behavior would handle this automatically, making this method potentially redundant.

If there's no specific processing needed for the URL value, you could remove this method and GraphQL would resolve it correctly:

-    def resolve_url(self, info):
-        """Resolve URL."""
-        return self.url

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bccefd1 and 8e9e0af.

📒 Files selected for processing (7)

• backend/apps/github/graphql/nodes/issue.py (2 hunks)
• backend/apps/github/graphql/nodes/user.py (0 hunks)
• backend/apps/github/graphql/queries/issue.py (1 hunks)
• backend/apps/github/graphql/queries/release.py (2 hunks)
• backend/tests/apps/github/graphql/nodes/user_test.py (0 hunks)
• frontend/src/api/queries/userQueries.ts (1 hunks)
• frontend/src/pages/UserDetails.tsx (6 hunks)

💤 Files with no reviewable changes (2)

• backend/apps/github/graphql/nodes/user.py
• backend/tests/apps/github/graphql/nodes/user_test.py

🧰 Additional context used

🧬 Code Definitions (1)

backend/apps/github/graphql/queries/release.py (1)

backend/apps/owasp/graphql/nodes/project.py (1)

• resolve_recent_releases (60-62)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: Run frontend e2e tests
• GitHub Check: Run frontend unit tests
• GitHub Check: Run backend tests
• GitHub Check: CodeQL (javascript-typescript)

🔇 Additional comments (16)

backend/apps/github/graphql/nodes/issue.py (2)

3-4: LGTM - Import required module.

Adding the graphene import ensures the module is explicitly available for the new field definition.

---

12-13: LGTM - Added URL field.

The addition of the URL field enhances the IssueNode by exposing the URL directly in the GraphQL schema.

frontend/src/pages/UserDetails.tsx (5)

26-27: LGTM - Added state variable for issues.

Good addition of a dedicated state variable for issues, which aligns with the refactored GraphQL query structure.

---

29-30: LGTM - Added state variable for releases.

Good addition of a dedicated state variable for releases, which aligns with the refactored GraphQL query structure.

---

45-48: LGTM - Updated state setters to use refactored GraphQL query fields.

Correctly updated to use the new top-level query fields instead of nested fields from the user object.

---

106-121: LGTM - Updated formattedIssues to use the new issues state variable.

The component now correctly uses the dedicated issues state variable and properly updates the dependency array for the useMemo hook.

---

139-155: LGTM - Updated formattedReleases to use the new releases state variable.

The component now correctly uses the dedicated releases state variable and properly updates the dependency array for the useMemo hook.

frontend/src/api/queries/userQueries.ts (3)

5-10: LGTM - Added recentIssues query field.

Good refactoring to move issues from being nested under the user to a separate top-level field in the query. This provides better separation of concerns and likely improves query performance.

---

16-22: LGTM - Added recentReleases query field.

Good refactoring to move releases from being nested under the user to a separate top-level field in the query. This provides better separation of concerns and likely improves query performance.

---

1-50:

Details

✅ Verification successful

Verify GraphQL query compatibility with backend schema.

The query has been significantly refactored. Let's verify that the backend schema supports these changes to ensure there are no runtime errors.

---

🏁 Script executed:

#!/bin/bash
# Check if the schema has corresponding fields for the refactored query

# Look for recent_issues field implementation in backend code
echo "Checking for recent_issues field implementation:"
rg -A 3 "recent_issues\s*=\s*graphene\." --type py

# Look for recent_releases field implementation in backend code
echo -e "\nChecking for recent_releases field implementation:"
rg -A 3 "recent_releases\s*=\s*graphene\." --type py

# Look for resolver methods for the new fields
echo -e "\nChecking for resolver methods:"
rg "def resolve_recent_(issues|releases)" --type py

Length of output: 2298

---

GraphQL Query Compatibility Verified

The refactored query has been checked against the backend schema. Specifically, the shell script output confirms that:

• The backend defines the snake_case fields (recent_issues and recent_releases) with proper resolver methods.
• Graphene’s automatic conversion from snake_case to camelCase ensures that the query’s recentIssues and recentReleases fields map correctly, avoiding runtime errors.

The remaining fields (recentPullRequests, topContributedRepositories, and user) follow existing patterns and are assumed to be supported. No compatibility issues were detected.

backend/apps/github/graphql/queries/release.py (6)

16-16: Appropriate modification of default limit value

Reducing the default limit from 15 to 6 is a reasonable optimization that aligns with frontend needs while reducing data transfer. This change is consistent with the PR objectives to refactor GraphQL queries.

---

18-18: Good addition of the login filter parameter

Adding an optional login parameter enables more targeted queries, allowing clients to filter releases by author. This enhances the API's flexibility while maintaining backward compatibility since the parameter is marked as not required.

---

21-21: Properly updated resolver method signature

The resolver method signature has been correctly updated to match the field definition, with the default limit changed to 6 and the new login parameter added with a suitable default value of None.

---

29-29: Well-documented new parameter

The docstring has been properly updated to include documentation for the new login parameter, which is a good practice for maintaining clear API documentation.

---

41-45: Correct implementation of login filtering

The implementation of the login filter is straightforward and effective. It appropriately checks if the login parameter was provided before applying the filter, which maintains backward compatibility with existing queries.

---

14-19:

Details

✅ Verification successful

Verify consistency with other parts of the codebase

The change in default limit from 15 to 6 looks good, but it's worth verifying that this change doesn't affect other parts of the codebase that might expect a larger number of releases.

---

🏁 Script executed:

#!/bin/bash
# Check if there are any other parts of the codebase that reference a default limit of 15 for releases
echo "Searching for references to default limits for releases..."
rg -A 3 -B 3 "RECENT_RELEASES_LIMIT" --glob "**/*.py"
rg -A 3 -B 3 "\blimit=15\b" --glob "**/*.py" | grep -v "release.py"

Length of output: 4110

---

Ensure Release Query Default Remains Isolated and Intentional

After verifying the codebase, we found that the default limit change to 6 in the release query is isolated to this endpoint. Notably:

• The OWASP project node sets RECENT_RELEASES_LIMIT = 5.
• The GitHub repository node sets RECENT_RELEASES_LIMIT = 10.
• The value 15 still appears only in the issues query (resolve_recent_issues in issue.py).

No other part of the codebase relies on a default of 15 for releases. This variation appears intentional for the respective contexts. Please double-check that the slight difference in default limits across queries (5, 6, 10, and 15 for issues) aligns with your overall design expectations.

[arkid15r]

Please make sure all tests are green

[AbhayTopno]

Please make sure all tests are green

I'm making the changes

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

frontend/package.json (1)

62-62: Tailwind PostCSS Version Downgrade Detected
The dependency @tailwindcss/postcss has been downgraded from ^4.1.1 to ^4.0.17. Please verify that this downgrade is intentional and that no features or fixes from ^4.1.1 are required for your build tooling or CSS processing. It would be ideal to add a comment or documentation note explaining the reason for this change.

frontend/docker/Dockerfile.local (1)

1-1: Base Image Update: Transition to Debian-Based Image
The base image is now set to node:22-slim (Debian-based) instead of the previous Alpine variant. Please ensure that all dependencies and scripts that previously relied on Alpine’s environment are compatible with Debian.

backend/docker/Dockerfile.local (1)

5-10: Builder Stage: Package Updates and Installation
The builder stage performs an apt-get update followed by apt-get upgrade -y and installs essential packages (gcc and libpq-dev). While this is good practice for ensuring up-to-date security patches, consider if performing a full upgrade on every build is necessary since it can increase build time and potentially the image size.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e79590f and f49b33b.

⛔ Files ignored due to path filters (2)

• backend/poetry.lock is excluded by !**/*.lock
• frontend/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (3)

• backend/docker/Dockerfile.local (2 hunks)
• frontend/docker/Dockerfile.local (1 hunks)
• frontend/package.json (1 hunks)

🔇 Additional comments (8)

frontend/docker/Dockerfile.local (3)

3-3: Shell Configuration Update
The updated SHELL directive using /bin/bash with pipefail is well configured for improved error handling in multi-command RUN instructions.

---

7-9: File System Setup and Global Package Installation
The subsequent commands (removing package lists, creating the /home/owasp directory, setting ownership, and installing pnpm globally via npm) are well structured for a Debian-based image.

---

23-31: Downstream Configuration and File Copy
The remainder of the Dockerfile—copying files from the builder stage, exposing the port, setting the user and work directory—is clear and aligns with typical multi-stage Docker build practices.

backend/docker/Dockerfile.local (5)

1-4: Python Base Image and Shell Configuration
The Dockerfile starts with python:3.13-slim and sets the shell to /bin/bash with pipefail enabled. This configuration is appropriate for a Debian-based image and helps ensure that shell commands fail fast upon errors.

---

8-10: System User Setup and Dependency Management
The commands for creating a system group and user (owasp), and installing Poetry via pip, are well implemented to ensure a non-root runtime environment with proper dependency management.

---

12-19: Environment Variables and Application Dependencies in Builder Stage
The environment variables (POETRY_VIRTUALENVS_IN_PROJECT and PYTHONUNBUFFERED) and the subsequent installation of project dependencies through Poetry are clearly defined, ensuring consistency in the build environment.

---

21-30: Runtime Stage: Apt-get Installation and User Setup
In the runtime stage, installing libpq-dev and postgresql-client meets the application’s database client requirements. The re-creation of the system group and user ensures consistency with the builder stage. This separation is a hallmark of a lean multi-stage Docker build.

---

32-41: Final Stage: Environment Setup and File Copy
The final configuration—setting the environment PATH, exposing port 8000, and copying the necessary files from the builder stage—is implemented in a clean and organized manner. This results in a streamlined runtime image.

[coderabbitai]

💡 Verification agent

❓ Verification inconclusive

Apt-get Install Command Missing Package Names
The command

RUN apt-get update && apt-get install -y --no-install-recommends && \

is executed without specifying any packages. This could result in a no-op or an unexpected error. Please verify whether specific packages need to be installed here or remove the apt-get install segment if it isn’t required.

---

Critical Fix: Specify Package Names for the apt-get Install Command

The current Dockerfile line

RUN apt-get update && apt-get install -y --no-install-recommends && \

executes the install command without any package names. This results in either a no-op or an error. Please update this command to either include the intended package names or remove the apt-get install segment if it's unnecessary.

• Verify if the installation of specific packages (e.g., build tools or dependencies) was intended.
• If packages need to be added, update the command accordingly; otherwise, remove the redundant install call.

[coderabbitai]

💡 Verification agent

❓ Verification inconclusive

Repeated Apt-get Install Issue in Runtime Stage
A similar apt-get command is present in the runtime stage:

RUN apt-get update && apt-get install -y --no-install-recommends && \

again without package names. Please update this command to either include the necessary packages or remove it if it is not intended to install anything.

---

Fix the Missing Packages in Apt-get Install Commands

Please update the apt-get install commands to include the necessary package names or remove the commands if they aren’t intended to install anything. Notably:

• In frontend/docker/Dockerfile.local (lines 21-22), the command:

  RUN apt-get update && apt-get install -y --no-install-recommends && \
      rm -rf /var/lib/apt/lists/* && \
  

  is missing package names.
• A similar command exists in the runtime stage. If this repetition was not intentional, please remove the duplicate. Otherwise, specify which packages need installing in both stages to ensure consistency.

[sonarqubecloud]

Quality Gate failed

Failed conditions
8.2% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud