TRT-2735: Move PayloadForJobRun from BigQuery to PostgreSQL

[mstaeble]

Summary

• Replace BigQuery query in PayloadForJobRun with a PostgreSQL query joining release_job_runs and release_tags. The release_job_runs table already has a unique index on prow_job_run_id, so no schema migration is needed.
• Remove bq.NullString dependency from the JobPayload API type, replacing it with *string.
• Change endpoint capability from ComponentReadinessCapability to LocalDBCapability, making the endpoint available without BigQuery credentials.

Fixes https://issues.redhat.com/browse/TRT-2735

Test plan

• go vet ./pkg/... passes
• go build ./pkg/... passes
• go test passes for all affected packages
• Verified endpoint returns correct data against staging database

Staging verification

Ran sippy serve against the staging database and tested the /api/job/run/payload endpoint:

$ curl -s "http://localhost:9090/api/job/run/payload?prow_job_run_id=1683955013744857088" | python3 -m json.tool
[
    {
        "prowjob_job_name": "upgrade-minor",
        "payload": "4.7.0-0.ci-2023-07-25-213032",
        "prowjob_build_id": "1683955013744857088"
    }
]

$ curl -s "http://localhost:9090/api/job/run/payload?prow_job_run_id=1683955013539336192" | python3 -m json.tool
[
    {
        "prowjob_job_name": "upgrade-minor-aws-ovn",
        "payload": "4.7.0-0.ci-2023-07-25-213032",
        "prowjob_build_id": "1683955013539336192"
    }
]

$ curl -s "http://localhost:9090/api/job/run/payload?prow_job_run_id=999" | python3 -m json.tool
[]

🤖 Generated with Claude Code

Summary by CodeRabbit

• Bug Fixes
  • Job run payload lookups now use the app’s local database instead of an external query source, improving reliability.
  • The job payload API now returns payload-related fields consistently as JSON values (using standard nullable JSON instead of specialized types).
  • The /api/job/run/payload endpoint access now follows the local database capability check, which may change which clients can retrieve this data.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: automatic mode

[openshift-ci-robot]

@mstaeble: This pull request references TRT-2735 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

• Replace BigQuery query in PayloadForJobRun with a PostgreSQL query joining release_job_runs and release_tags. The release_job_runs table already has a unique index on prow_job_run_id, so no schema migration is needed.
• Remove bq.NullString dependency from the JobPayload API type, replacing it with *string.
• Change endpoint capability from ComponentReadinessCapability to LocalDBCapability, making the endpoint available without BigQuery credentials.

Fixes https://issues.redhat.com/browse/TRT-2735

Test plan

• go vet ./pkg/... passes
• go build ./pkg/... passes
• go test passes for all affected packages
• Verified endpoint returns correct data against staging database

Staging verification

Ran sippy serve against the staging database and tested the /api/job/run/payload endpoint:

$ curl -s "http://localhost:9090/api/job/run/payload?prow_job_run_id=1683955013744857088" | python3 -m json.tool
[
   {
       "prowjob_job_name": "upgrade-minor",
       "payload": "4.7.0-0.ci-2023-07-25-213032",
       "prowjob_build_id": "1683955013744857088"
   }
]

$ curl -s "http://localhost:9090/api/job/run/payload?prow_job_run_id=1683955013539336192" | python3 -m json.tool
[
   {
       "prowjob_job_name": "upgrade-minor-aws-ovn",
       "payload": "4.7.0-0.ci-2023-07-25-213032",
       "prowjob_build_id": "1683955013539336192"
   }
]

$ curl -s "http://localhost:9090/api/job/run/payload?prow_job_run_id=999" | python3 -m json.tool
[]

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: d2f1bd6f-3f91-43cd-8ec1-cae2803957c0

📥 Commits

Reviewing files that changed from the base of the PR and between aa341d4 and e8eb42c.

📒 Files selected for processing (4)

• pkg/api/releases.go
• pkg/apis/api/types.go
• pkg/bigquery/bqlabel/labels.go
• pkg/sippyserver/server.go

💤 Files with no reviewable changes (1)

• pkg/bigquery/bqlabel/labels.go

🚧 Files skipped from review as they are similar to previous changes (3)

• pkg/apis/api/types.go
• pkg/sippyserver/server.go
• pkg/api/releases.go

---

Walkthrough

The job run payload endpoint now reads payload data from the local database instead of BigQuery. The payload type is JSON-oriented, the BigQuery query label constant is removed, and the endpoint now requires local DB capability.

Changes

Local DB job run payload flow

Layer / File(s)	Summary
Payload contract and label cleanup pkg/apis/api/types.go, pkg/bigquery/bqlabel/labels.go	JobPayload switches payload serialization to *string, and the job-run-payload query label constant is removed.
DB-backed payload query pkg/api/releases.go	PayloadForJobRun now queries release_job_runs joined with release_tags by prow job run ID and returns payload, job name, and build ID from the local database.
Endpoint wiring and capability pkg/sippyserver/server.go	jsonJobRunPayload calls the DB-backed lookup with s.db, and /api/job/run/payload requires LocalDBCapability.

Sequence Diagram(s)

sequenceDiagram
  participant Serve
  participant jsonJobRunPayload
  participant PayloadForJobRun as api.PayloadForJobRun
  participant DB as db.DB
  Serve->>jsonJobRunPayload: request to /api/job/run/payload
  jsonJobRunPayload->>PayloadForJobRun: jobRunIDStr
  PayloadForJobRun->>DB: query release_job_runs joined with release_tags
  DB-->>PayloadForJobRun: rows or res.Error
  PayloadForJobRun-->>jsonJobRunPayload: []apitype.JobPayload
  jsonJobRunPayload-->>Serve: JSON payload response

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

approved, lgtm

Suggested reviewers

• smg247
• xueqzhan
• deads2k

🚥 Pre-merge checks | ✅ 20 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Test Coverage For New Features	⚠️ Warning	No tests cover PayloadForJobRun or /api/job/run/payload; the existing release/server tests cover unrelated helpers only.	Add a regression/unit test for PayloadForJobRun with a test DB, plus an HTTP handler test for /api/job/run/payload and its capability gating.

✅ Passed checks (20 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: moving PayloadForJobRun from BigQuery to PostgreSQL.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Go Error Handling	✅ Passed	PASS: The new DB query checks res.Error, wraps it with %w, no errors are discarded, and the LocalDB gate prevents nil DB use in the handler.
Sql Injection Prevention	✅ Passed	PayloadForJobRun uses GORM placeholders (Where(... = ?, jobRunID)); the join/select are static, so user input isn’t interpolated into SQL.
Excessive Css In React Should Use Styles	✅ Passed	Touched React files only use small one-off style props (1-4 fields); the PR changes don’t add large inline CSS blocks or new complex styling.
Single Responsibility And Clear Naming	✅ Passed	PASS: The new DB-backed PayloadForJobRun, JobPayload type, and handler are narrowly scoped and clearly named; no new generic or multi-purpose abstractions were added.
Feature Documentation	✅ Passed	No docs/features page covers the changed job-payload endpoint; the only feature doc found is unrelated (job-analysis symptoms).
Stable And Deterministic Test Names	✅ Passed	Changed test files use plain Test... functions only; no Ginkgo It/Describe/Context/When titles or dynamic identifiers were added.
Test Structure And Quality	✅ Passed	No Ginkgo specs were added; the changed tests use plain testing/testify, have explicit failure messages, and benchmark helpers use t.Cleanup.
Microshift Test Compatibility	✅ Passed	PASS: The changed tests are plain Go tests/benchmarks; no new Ginkgo specs or MicroShift-unsupported OpenShift APIs/features were added.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR only changes non-test code; no new Ginkgo e2e tests or SNO-sensitive assumptions were added.
Topology-Aware Scheduling Compatibility	✅ Passed	Only API/type/server code changed; scans found no anti-affinity, topologySpread, nodeSelector, tolerations, or deployment/controller manifests.
Ote Binary Stdout Contract	✅ Passed	The PR only changes API/db logic; no changed file adds main/init/TestMain stdout writes, and server.go only writes to an HTTP ResponseWriter.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added; the modified tests are unit/functional tests, and I found no IPv4-only or external-connectivity assumptions.
No-Weak-Crypto	✅ Passed	Touched files only change DB query/type/server wiring; no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret comparisons found.
Container-Privileges	✅ Passed	PR touches code/docs only; direct searches found no privileged, hostPID, hostNetwork, hostIPC, or allowPrivilegeEscalation settings in manifests.
No-Sensitive-Data-In-Logs	✅ Passed	The PR adds only a generic DB error log in PayloadForJobRun; no secrets, PII, hostnames, or customer data are logged in the changed code.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mstaeble
Once this PR has been reviewed and has the lgtm label, please assign dgoodwin for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-bot]

Scheduling required tests:
/test e2e

[mstaeble]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[mstaeble]

@coderabbitai full review

[coderabbitai]

✅ Action performed

Full review finished.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@pkg/sippyserver/server.go`:
- Line 1364: The job-run payload lookup is missing request cancellation
propagation, so the database query cannot stop on canceled or timed-out
requests. Update the call site in server.go to pass req.Context() into
PayloadForJobRun, and update PayloadForJobRun to accept a context.Context and
use GORM’s WithContext on the query path so the lookup honors request
cancellation.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 3d667704-38bb-4126-aa44-275a1ea70a23

📥 Commits

Reviewing files that changed from the base of the PR and between 09af781 and aa341d4.

📒 Files selected for processing (4)

• pkg/api/releases.go
• pkg/apis/api/types.go
• pkg/bigquery/bqlabel/labels.go
• pkg/sippyserver/server.go

💤 Files with no reviewable changes (1)

• pkg/bigquery/bqlabel/labels.go

[openshift-merge-bot]

Scheduling required tests:
/test e2e

[openshift-ci]

@mstaeble: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.