Improve dashboard metrics list

[ahmedxgouda]

Proposed change

Resolves #1958

Now we should not have neither inactive projects nor duplicates

Checklist

• I've read and followed the contributing guidelines.
• I've run make check-test locally; all checks and tests passed.

[coderabbitai]

Summary by CodeRabbit

• New Features

  • Added secondary ordering by project name to project health metrics for more consistent pagination results.

• Bug Fixes

  • Improved ordering logic to prevent random ordering when metric scores are equal.

• Chores

  • Updated tests to reflect new ordering logic.
  • Metrics now only include active projects in results.

Walkthrough

This change updates the backend and frontend to ensure the Project Health Metrics dashboard only displays active projects and removes duplicate projects by enforcing a secondary ordering by project name. The backend adds filtering for active projects and secondary ordering logic, while the frontend adapts its GraphQL queries to reflect these changes. Tests are updated accordingly.

Changes

Cohort / File(s)	Change Summary
Backend: Ordering Logic and Filtering backend/apps/owasp/api/internal/ordering/project_health_metrics.py, backend/apps/owasp/models/project_health_metrics.py	Adds a secondary ordering field (project__name) to the ordering class and filters health metrics to only include active projects in the model method. Updates type annotations and adds explanatory comments.
Backend: Tests backend/tests/apps/owasp/api/internal/ordering/project_health_metrics_test.py	Updates tests to expect the new secondary ordering field and verify its correct use in ordering logic.
Frontend: GraphQL Query Update frontend/src/app/projects/dashboard/metrics/page.tsx	Modifies the ordering variables for the GraphQL query and pagination to use an array with both primary and secondary ordering, ensuring consistent and unique ordering in the UI.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Assessment against linked issues

Objective (Issue #)	Addressed	Explanation
Do not show inactive projects in the Project Health Metrics list (#1958)	✅
Remove duplicated projects from the Project Health Metrics (#1958)	✅

Assessment against linked issues: Out-of-scope changes

No out-of-scope changes found.

Possibly related PRs

• Implement the presentation of dashboard metrics list with filters #1718: Modifies the frontend metrics page to use an array of ordering objects, directly related to the ordering logic updated in this PR.

Suggested reviewers

• aramattamara
• arkid15r

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cc9b6a4 and 6d7d47a.

📒 Files selected for processing (1)

• backend/apps/owasp/api/internal/ordering/project_health_metrics.py (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• backend/apps/owasp/api/internal/ordering/project_health_metrics.py

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Run frontend unit tests
• GitHub Check: Run frontend e2e tests
• GitHub Check: Run backend tests

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

backend/tests/apps/owasp/api/internal/filters/project_health_metrics_test.py (1)

24-27: Good test coverage, but consider additional test cases.

The test correctly validates the is_active=True case. However, consider adding test cases for is_active=False and edge cases to ensure comprehensive coverage of the boolean filter logic.

Consider adding these additional test cases:

def test_filtering_inactive_projects(self):
    """Test filtering by inactive projects."""
    filter_instance = ProjectHealthMetricsFilter(is_active=False)
    assert filter_instance.is_active is False

def test_filtering_no_active_filter(self):
    """Test when is_active filter is not provided."""
    filter_instance = ProjectHealthMetricsFilter(level="flagship", score=50)
    assert not hasattr(filter_instance, 'is_active') or filter_instance.is_active is None

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7db4e59 and d73b3a8.

📒 Files selected for processing (5)

• backend/apps/owasp/api/internal/filters/project_health_metrics.py (1 hunks)
• backend/apps/owasp/api/internal/ordering/project_health_metrics.py (2 hunks)
• backend/tests/apps/owasp/api/internal/filters/project_health_metrics_test.py (1 hunks)
• backend/tests/apps/owasp/api/internal/ordering/project_health_metrics_test.py (1 hunks)
• frontend/src/app/projects/dashboard/metrics/page.tsx (5 hunks)

🧰 Additional context used

🧠 Learnings (4)

📓 Common learnings

Learnt from: ahmedxgouda
PR: OWASP/Nest#1633
File: frontend/src/components/GradientRadialChart.tsx:113-113
Timestamp: 2025-06-21T12:22:01.889Z
Learning: In the OWASP Nest project, health metrics requirements (like lastCommitDaysRequirement, lastReleaseDaysRequirement) should never be 0. A requirement value of 0 is considered invalid and should result in displaying 0 on the radial chart.

📚 Learning: in the detailscard component (frontend/src/components/carddetailspage.tsx), there's a length check b...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1633
File: frontend/src/components/HealthMetrics.tsx:30-30
Timestamp: 2025-06-20T16:12:59.256Z
Learning: In the DetailsCard component (frontend/src/components/CardDetailsPage.tsx), there's a length check before rendering HealthMetrics: `healthMetricsData.length > 0`. This ensures that when HealthMetrics is rendered, the data array has at least one element, making accessing data[0] safe within the HealthMetrics component.

Applied to files:

• frontend/src/app/projects/dashboard/metrics/page.tsx

📚 Learning: in the detailscard component (frontend/src/components/carddetailspage.tsx), there's a safety check t...

Learnt from: ahmedxgouda
PR: OWASP/Nest#1633
File: frontend/src/components/HealthMetrics.tsx:30-30
Timestamp: 2025-06-20T16:12:59.256Z
Learning: In the DetailsCard component (frontend/src/components/CardDetailsPage.tsx), there's a safety check that ensures HealthMetrics component is only rendered when healthMetricsData exists and has at least one element: `healthMetricsData && healthMetricsData.length > 0`. This makes accessing data[0] safe within the HealthMetrics component.

Applied to files:

• frontend/src/app/projects/dashboard/metrics/page.tsx

📚 Learning: in the owasp nest project's metricspage component (frontend/src/app/projects/dashboard/metrics/page....

Learnt from: ahmedxgouda
PR: OWASP/Nest#1718
File: frontend/src/app/projects/dashboard/metrics/page.tsx:96-96
Timestamp: 2025-07-09T08:37:10.241Z
Learning: In the OWASP Nest project's MetricsPage component (frontend/src/app/projects/dashboard/metrics/page.tsx), the sorting dropdown intentionally uses selectionMode="multiple" to allow users to select multiple sorting criteria simultaneously. This enables complex sorting scenarios where users can sort by multiple fields in sequence.

Applied to files:

• frontend/src/app/projects/dashboard/metrics/page.tsx

🧬 Code Graph Analysis (2)

backend/tests/apps/owasp/api/internal/ordering/project_health_metrics_test.py (1)

backend/apps/owasp/api/internal/ordering/project_health_metrics.py (1)

• ProjectHealthMetricsOrder (10-18)

backend/tests/apps/owasp/api/internal/filters/project_health_metrics_test.py (2)

backend/apps/owasp/api/internal/filters/project_health_metrics.py (3)

• ProjectHealthMetricsFilter (12-27)
• level (20-22)
• is_active (25-27)

backend/apps/owasp/models/enums/project.py (1)

• ProjectLevel (27-34)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Run backend tests
• GitHub Check: Run frontend e2e tests
• GitHub Check: Run frontend unit tests
• GitHub Check: CodeQL (python)
• GitHub Check: CodeQL (javascript-typescript)

🔇 Additional comments (10)

backend/apps/owasp/api/internal/ordering/project_health_metrics.py (2)

13-18: LGTM! Good solution for deterministic pagination.

The addition of secondary ordering by project__name is a solid approach to ensure deterministic results when scores are equal. The comments clearly explain the rationale, and the implementation correctly uses Django's related field syntax.

---

3-3: Import change looks good.

The change from importing individual auto to importing the full strawberry module provides consistency and better namespace clarity.

backend/tests/apps/owasp/api/internal/ordering/project_health_metrics_test.py (2)

18-19: LGTM! Test coverage for new ordering field.

The updated test correctly validates that both score and project__name fields are present in the ordering definition.

---

23-25: LGTM! Comprehensive ordering instance testing.

The test properly validates that both ordering fields can be instantiated and accessed correctly.

backend/tests/apps/owasp/api/internal/filters/project_health_metrics_test.py (1)

19-20: LGTM! Filter field validation updated correctly.

The test properly validates that the new is_active field is included in the filter definition.

frontend/src/app/projects/dashboard/metrics/page.tsx (5)

55-57: LGTM! Proper default filtering for active projects.

Setting the default filter to include isActive: true directly addresses the PR objective of excluding inactive projects from the dashboard by default.

---

66-69: LGTM! Filter preservation implemented correctly.

The spread operator properly preserves existing filters (including isActive) when applying health filters, ensuring the active-only behavior is maintained.

---

187-187: LGTM! Consistent reset behavior.

The reset functionality correctly maintains the isActive: true default, ensuring users always see only active projects even after resetting other filters.

---

105-110: LGTM! Secondary ordering for deterministic pagination.

The addition of secondary ordering by project_Name ascending aligns with the backend changes and ensures consistent, predictable pagination results when scores are equal.

---

257-262: LGTM! Consistent ordering in pagination.

The fetchMore call correctly applies the same secondary ordering logic, ensuring consistent results across pagination operations.

[arkid15r]

It seems the filtering for active/inactive projects is available for the end-user. We don't want to expose inactive projects at all -- they just should not exist for a user is they are inactive.

[arkid15r]

Any reason for having __ in the name?

[ahmedxgouda]

strawberry use these attributes in the order_by method. project_name is not an attribute of the metrics but it is an attribute of the project. And like we access nested attributes in django methods, strawberry does the same.

[arkid15r]

What naming convention was used here?

[ahmedxgouda]

It is automatically converted by strawberry. Since the attribute is project__name, it is handled like other attributes. Just first underscore removed and capitalize the second name.

[arkid15r]

I'm not sure how it works though. Let's merge it as is and improve sorting capabilities later.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud