Add more filters to api_key/version to help measure trusted publishin…

…g & attestation adoption (#5256) Signed-off-by: Samuel Giddins <[email protected]>
rubygems · Nov 19, 2024 · 8996a6c · 8996a6c
1 parent 802f0f8
commit 8996a6c
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 0 deletions.
diff --git a/app/avo/resources/api_key.rb b/app/avo/resources/api_key.rb
@@ -3,9 +3,11 @@ class Avo::Resources::ApiKey < Avo::BaseResource
   self.includes = []
 
   class ExpiredFilter < Avo::Filters::ScopeBooleanFilter; end
+  class TrustedPublisherFilter < Avo::Filters::ScopeBooleanFilter; end
 
   def filters
     filter ExpiredFilter, arguments: { default: { expired: false, unexpired: true } }
+    filter TrustedPublisherFilter, arguments: { default: { trusted_publisher: true, not_trusted_publisher: true } }
   end
 
   def fields

diff --git a/app/avo/resources/version.rb b/app/avo/resources/version.rb
@@ -13,9 +13,13 @@ def actions
   end
 
   class IndexedFilter < Avo::Filters::ScopeBooleanFilter; end
+  class TrustedPublisherFilter < Avo::Filters::ScopeBooleanFilter; end
+  class AttestationFilter < Avo::Filters::ScopeBooleanFilter; end
 
   def filters
     filter IndexedFilter, arguments: { default: { indexed: true, yanked: true } }
+    filter TrustedPublisherFilter, arguments: { default: { pushed_with_trusted_publishing: true, pushed_without_trusted_publishing: true } }
+    filter AttestationFilter, arguments: { default: { with_attestations: true, without_attestations: true } }
   end
 
   def fields # rubocop:disable Metrics
@@ -74,6 +78,7 @@ def fields # rubocop:disable Metrics
       field :dependencies, as: :has_many
       field :gem_download, as: :has_one, name: "Downloads"
       field :deletion, as: :has_one
+      field :attestations, as: :has_many
     end
   end
 end
diff --git a/app/models/api_key.rb b/app/models/api_key.rb
@@ -38,6 +38,9 @@ class ScopeError < RuntimeError; end
   scope :oidc, -> { joins(:oidc_id_token) }
   scope :not_oidc, -> { where.missing(:oidc_id_token) }
 
+  scope :trusted_publisher, -> { where("owner_type like ?", "OIDC::TrustedPublisher::%") }
+  scope :not_trusted_publisher, -> { where("owner_type not like ?", "OIDC::TrustedPublisher::%") }
+
   def self.expire_all!
     transaction do
       unexpired.find_each.all?(&:expire!)

diff --git a/app/models/version.rb b/app/models/version.rb
@@ -197,6 +197,22 @@ def self.created_between(start_time, end_time)
     where(created_at: start_time..end_time).order(:created_at, :id)
   end
 
+  def self.pushed_with_trusted_publishing
+    joins(:pusher_api_key).merge(ApiKey.trusted_publisher)
+  end
+
+  def self.pushed_without_trusted_publishing
+    left_joins(:pusher_api_key).merge(ApiKey.not_trusted_publisher.or(where(pusher_api_key: nil).only(:where)))
+  end
+
+  def self.with_attestations
+    where.associated(:attestations)
+  end
+
+  def self.without_attestations
+    where.missing(:attestations)
+  end
+
   def platformed?
     platform != "ruby"
   end