Skip to content

ROX-32714: Do not write empty image id from cve and component stores#19843

Merged
charmik-redhat merged 1 commit intomasterfrom
ROX-32714/cve-and-component-stores-should-not-write-empty-image-id
Apr 7, 2026
Merged

ROX-32714: Do not write empty image id from cve and component stores#19843
charmik-redhat merged 1 commit intomasterfrom
ROX-32714/cve-and-component-stores-should-not-write-empty-image-id

Conversation

@charmik-redhat
Copy link
Copy Markdown
Contributor

@charmik-redhat charmik-redhat commented Apr 6, 2026

Description

  • If imageid is nil (which it will be when FlattenImageData is enabled), ImageComponentV2 and ImageCVEV2 stores shouldn't write an empty imageid into their tables.
  • The stores are not really used in production to upsert CVEs and Components. But they are used in tests, and cause fk violations when an empty imageid is written.

User-facing documentation

  • CHANGELOG update is not needed
  • documentation is not needed

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

change me!

@charmik-redhat charmik-redhat requested a review from a team as a code owner April 6, 2026 18:05
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 6, 2026
edited
Loading

🚀 Build Images Ready

Images are ready for commit 19fcb9e. To use with deploy scripts:

export MAIN_IMAGE_TAG=4.11.x-581-g19fcb9e2fa

@codecov
Copy link
Copy Markdown

codecov bot commented Apr 6, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 49.60%. Comparing base (574d1bd) to head (27ccb7b).
⚠️ Report is 19 commits behind head on master.

Files with missing lines Patch % Lines
...ral/cve/image/v2/datastore/store/postgres/store.go 0.00% 2 Missing ⚠️
...magecomponent/v2/datastore/store/postgres/store.go 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff            @@
##           master   #19843    +/-   ##
========================================
  Coverage   49.59%   49.60%            
========================================
  Files        2763     2763            
  Lines      208181   208339   +158     
========================================
+ Hits       103256   103344    +88     
- Misses      97261    97330    +69     
- Partials     7664     7665     +1
Flag Coverage Δ
go-unit-tests 49.60% <0.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@openshift-ci
Copy link
Copy Markdown

openshift-ci bot commented Apr 6, 2026

@charmik-redhat: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/ocp-4-21-ui-e2e-tests 27ccb7b link false /test ocp-4-21-ui-e2e-tests
ci/prow/ocp-4-21-scanner-v4-install-tests 27ccb7b link false /test ocp-4-21-scanner-v4-install-tests

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@charmik-redhat charmik-redhat merged commit 19fcb9e into master Apr 7, 2026
110 of 113 checks passed
@charmik-redhat charmik-redhat deleted the ROX-32714/cve-and-component-stores-should-not-write-empty-image-id branch April 7, 2026 16:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dashrews78 dashrews78 dashrews78 approved these changes

Assignees

No one assigned

Labels

area/central

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@charmik-redhat @dashrews78