From ab05dd4c137eb57ff55794a659062f02b4c326bc Mon Sep 17 00:00:00 2001
From: Dustin Ingram <di@users.noreply.github.com>
Date: Mon, 10 Apr 2023 20:05:31 -0400
Subject: [PATCH] Make OIDC columns non-nullable (#13402)

---
 ...6f8fd9ac_make_oidc_columns_non_nullable.py | 127 ++++++++++++++++++
 warehouse/oidc/models.py                      |   8 +-
 2 files changed, 131 insertions(+), 4 deletions(-)
 create mode 100644 warehouse/migrations/versions/665b6f8fd9ac_make_oidc_columns_non_nullable.py

diff --git a/warehouse/migrations/versions/665b6f8fd9ac_make_oidc_columns_non_nullable.py b/warehouse/migrations/versions/665b6f8fd9ac_make_oidc_columns_non_nullable.py
new file mode 100644
index 000000000000..e37c33f783e5
--- /dev/null
+++ b/warehouse/migrations/versions/665b6f8fd9ac_make_oidc_columns_non_nullable.py
@@ -0,0 +1,127 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""
+Make OIDC columns non-nullable
+
+Revision ID: 665b6f8fd9ac
+Revises: 203f1f8dcf92
+Create Date: 2023-04-10 22:02:56.025979
+"""
+
+import sqlalchemy as sa
+
+from alembic import op
+
+revision = "665b6f8fd9ac"
+down_revision = "203f1f8dcf92"
+
+
+def upgrade():
+    op.alter_column(
+        "github_oidc_publishers",
+        "repository_name",
+        existing_type=sa.VARCHAR(),
+        nullable=False,
+    )
+    op.alter_column(
+        "github_oidc_publishers",
+        "repository_owner",
+        existing_type=sa.VARCHAR(),
+        nullable=False,
+    )
+    op.alter_column(
+        "github_oidc_publishers",
+        "repository_owner_id",
+        existing_type=sa.VARCHAR(),
+        nullable=False,
+    )
+    op.alter_column(
+        "github_oidc_publishers",
+        "workflow_filename",
+        existing_type=sa.VARCHAR(),
+        nullable=False,
+    )
+    op.alter_column(
+        "pending_github_oidc_publishers",
+        "repository_name",
+        existing_type=sa.VARCHAR(),
+        nullable=False,
+    )
+    op.alter_column(
+        "pending_github_oidc_publishers",
+        "repository_owner",
+        existing_type=sa.VARCHAR(),
+        nullable=False,
+    )
+    op.alter_column(
+        "pending_github_oidc_publishers",
+        "repository_owner_id",
+        existing_type=sa.VARCHAR(),
+        nullable=False,
+    )
+    op.alter_column(
+        "pending_github_oidc_publishers",
+        "workflow_filename",
+        existing_type=sa.VARCHAR(),
+        nullable=False,
+    )
+
+
+def downgrade():
+    op.alter_column(
+        "pending_github_oidc_publishers",
+        "workflow_filename",
+        existing_type=sa.VARCHAR(),
+        nullable=True,
+    )
+    op.alter_column(
+        "pending_github_oidc_publishers",
+        "repository_owner_id",
+        existing_type=sa.VARCHAR(),
+        nullable=True,
+    )
+    op.alter_column(
+        "pending_github_oidc_publishers",
+        "repository_owner",
+        existing_type=sa.VARCHAR(),
+        nullable=True,
+    )
+    op.alter_column(
+        "pending_github_oidc_publishers",
+        "repository_name",
+        existing_type=sa.VARCHAR(),
+        nullable=True,
+    )
+    op.alter_column(
+        "github_oidc_publishers",
+        "workflow_filename",
+        existing_type=sa.VARCHAR(),
+        nullable=True,
+    )
+    op.alter_column(
+        "github_oidc_publishers",
+        "repository_owner_id",
+        existing_type=sa.VARCHAR(),
+        nullable=True,
+    )
+    op.alter_column(
+        "github_oidc_publishers",
+        "repository_owner",
+        existing_type=sa.VARCHAR(),
+        nullable=True,
+    )
+    op.alter_column(
+        "github_oidc_publishers",
+        "repository_name",
+        existing_type=sa.VARCHAR(),
+        nullable=True,
+    )
diff --git a/warehouse/oidc/models.py b/warehouse/oidc/models.py
index 7d6b16e6e215..5dc47e4fe94c 100644
--- a/warehouse/oidc/models.py
+++ b/warehouse/oidc/models.py
@@ -234,10 +234,10 @@ class GitHubPublisherMixin:
     Common functionality for both pending and concrete GitHub OIDC publishers.
     """
 
-    repository_name = Column(String)
-    repository_owner = Column(String)
-    repository_owner_id = Column(String)
-    workflow_filename = Column(String)
+    repository_name = Column(String, nullable=False)
+    repository_owner = Column(String, nullable=False)
+    repository_owner_id = Column(String, nullable=False)
+    workflow_filename = Column(String, nullable=False)
 
     __verifiable_claims__ = {
         "sub": _check_sub,