Merge branch 'main' into joseph/dedup

Author: joseph-sentry

.github/workflows/upload-overwatch.yml

@@ -0,0 +1,43 @@
+name: Upload Overwatch
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+
+jobs:
+  upload-overwatch:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+      - name: Install UV
+        run: pip install uv
+      - name: Install Project Dependencies
+        run: |
+          uv export --format requirements-txt > requirements.txt
+          uv pip install -r requirements.txt --system
+      - name: Install Static Analysis Tools
+        run: |
+          pip install mypy==1.15.0
+          pip install ruff==0.9.6
+      - name: Install Build Dependencies
+        run: |
+          sudo apt-get update
+          # Install libssl1.1 from Ubuntu 20.04 repositories
+          wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb
+          sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb
+      - name: Install Overwatch CLI
+        run: |
+          curl -o overwatch-cli https://overwatch.codecov.dev/linux/cli
+          chmod +x overwatch-cli
+      - name: Run Overwatch CLI
+        run: |
+          ./overwatch-cli \
+            --auth-token ${{ secrets.SENTRY_AUTH_TOKEN }} \
+            --organization-slug codecov \
+            python \
+            --python-path $(which python3)

api/public/v2/report/views.py

@@ -112,7 +112,7 @@ def filter_report(
                 # empty report since the path is not part of the component
                 return Report()
 
-            component_flags = component.get_matching_flags(report.flags.keys())
+            component_flags = component.get_matching_flags(report.get_flag_names())
             if flag and len(component.flag_regexes) > 0 and flag not in component_flags:
                 # empty report since the flag is not part of the component
                 return Report()

api/public/v2/tests/test_api_compare_viewset.py

@@ -13,8 +13,7 @@
 )
 from shared.reports.api_report_service import SerializableReport
 from shared.reports.resources import Report, ReportFile
-from shared.reports.types import ReportLine
-from shared.reports.types import ReportTotals
+from shared.reports.types import ReportLine, ReportTotals
 from shared.utils.merge import LineType
 from shared.utils.sessions import Session
 

codecov_auth/authentication/repo_auth.py

@@ -338,6 +338,49 @@ def authenticate(
             raise exceptions.AuthenticationFailed(self.auth_failed_message)
 
 
+class TestAnalyticsTokenlessAuthentication(TokenlessAuthentication):
+    def _get_info_from_request_path(
+        self, request: HttpRequest
+    ) -> tuple[Repository, str | None]:
+        try:
+            body = json.loads(str(request.body, "utf8"))
+
+            # Validate provider
+            service_enum = Service(body.get("service"))
+
+            # Validate that next group exists and decode slug
+            repo = get_repository_from_string(service_enum, body.get("slug"))
+            if repo is None:
+                # Purposefully using the generic message so that we don't tell that
+                # we don't have a certain repo
+                raise exceptions.AuthenticationFailed(self.auth_failed_message)
+
+            return repo, body.get("commit")
+        except json.JSONDecodeError:
+            # Validate request body format
+            raise exceptions.AuthenticationFailed(self.auth_failed_message)
+        except ValueError:
+            # Validate provider
+            raise exceptions.AuthenticationFailed(self.auth_failed_message)
+
+    def get_branch(
+        self,
+        request: HttpRequest,
+        repoid: Optional[int] = None,
+        commitid: Optional[str] = None,
+    ) -> str:
+        body = json.loads(str(request.body, "utf8"))
+
+        # If commit is not created yet (ie first upload for this commit), we just validate branch format.
+        # However, if a commit exists already (ie not the first upload for this commit), we must additionally
+        # validate the saved commit branch matches what is requested in this upload call.
+        commit = Commit.objects.filter(repository_id=repoid, commitid=commitid).first()
+        if commit and commit.branch != body.get("branch"):
+            raise exceptions.AuthenticationFailed(self.auth_failed_message)
+
+        return body.get("branch")
+
+
 class BundleAnalysisTokenlessAuthentication(TokenlessAuthentication):
     def _get_info_from_request_path(
         self, request: HttpRequest

compare/commands/compare/interactors/fetch_impacted_files.py

@@ -41,6 +41,7 @@ def _apply_filters(
         components_flags = []
 
         head_commit_report = comparison.head_report_without_applied_diff
+        report_flags = head_commit_report and head_commit_report.get_flag_names()
         if components_filter:
             all_components = components.commit_components(
                 comparison.head_commit, comparison.user
@@ -50,9 +51,7 @@ def _apply_filters(
             )
             for component in filtered_components:
                 components_paths.extend(component.paths)
-                components_flags.extend(
-                    component.get_matching_flags(head_commit_report.flags.keys())
-                )
+                components_flags.extend(component.get_matching_flags(report_flags))
 
         # Flags & Components intersection
         if components_flags:
@@ -62,7 +61,7 @@ def _apply_filters(
                 flags_filter = components_flags
 
         if flags_filter:
-            if set(flags_filter) & set(head_commit_report.flags):
+            if set(flags_filter) & set(report_flags):
                 files = files_belonging_to_flags(
                     commit_report=head_commit_report, flags=flags_filter
                 )

graphql_api/tests/test_branch.py

@@ -173,6 +173,9 @@ def __iter__(self):
         for name in self.files:
             yield MockFile(name)
 
+    def get_flag_names(self):
+        return ["flag_a"]
+
     @property
     def flags(self):
         return {"flag-a": MockFlag()}
@@ -199,6 +202,9 @@ def __init__(self):
     def flags(self):
         return None
 
+    def get_flag_names(self):
+        return []
+
 
 class TestBranch(GraphQLTestHelper, TransactionTestCase):
     def setUp(self):

graphql_api/tests/test_commit.py

@@ -97,9 +97,8 @@ def get(self, file, _else):
     def filter(self, **kwargs):
         return self
 
-    @property
-    def flags(self):
-        return {"flag_a": True, "flag_b": True}
+    def get_flag_names(self):
+        return ["flag_a", "flag_b"]
 
 
 class EmptyReport(MockReport):

graphql_api/tests/test_path_content.py

@@ -3,8 +3,7 @@
 from django.test import TransactionTestCase
 from shared.django_apps.core.tests.factories import CommitFactory
 from shared.reports.resources import Report, ReportFile
-from shared.reports.types import ReportLine
-from shared.reports.types import ReportTotals
+from shared.reports.types import ReportLine, ReportTotals
 from shared.utils.sessions import Session
 
 from services.path import Dir, File

graphql_api/types/commit/commit.py

@@ -160,6 +160,8 @@ def get_sorted_path_contents(
     component_paths = []
     component_flags = []
 
+    report_flags = report.get_flag_names()
+
     if component_filter:
         all_components = components_service.commit_components(commit, current_owner)
         filtered_components = components_service.filter_components_by_name_or_id(
@@ -173,18 +175,16 @@ def get_sorted_path_contents(
 
         for component in filtered_components:
             component_paths.extend(component.paths)
-            if report.flags:
-                component_flags.extend(
-                    component.get_matching_flags(report.flags.keys())
-                )
+            if report_flags:
+                component_flags.extend(component.get_matching_flags(report_flags))
 
     if component_flags:
         if flags_filter:
             flags_filter = list(set(flags_filter) & set(component_flags))
         else:
             flags_filter = component_flags
 
-    if flags_filter and not report.flags:
+    if flags_filter and not report_flags:
         return UnknownFlags(f"No coverage with chosen flags: {flags_filter}")
 
     report_paths = ReportPaths(
@@ -325,8 +325,8 @@ def resolve_coverage_totals(
 @sentry_sdk.trace
 @commit_coverage_analytics_bindable.field("flagNames")
 @sync_to_async
-def resolve_coverage_flags(commit: Commit, info: GraphQLResolveInfo) -> List[str]:
-    return commit.full_report.flags.keys()
+def resolve_coverage_flags(commit: Commit, info: GraphQLResolveInfo) -> list[str]:
+    return commit.full_report.get_flag_names()
 
 
 @sentry_sdk.trace

graphql_api/types/comparison/comparison.py

@@ -45,7 +45,9 @@ def resolve_impacted_files(
 
     if filters and comparison:
         flags = filters.get("flags", [])
-        if flags and set(flags).isdisjoint(set(comparison.head_report.flags)):
+        if flags and set(flags).isdisjoint(
+            set(comparison.head_report.get_flag_names())
+        ):
             return UnknownFlags()
 
     return {