From 8996a6cc0f900b4af335d605d5bf787e4849a4fa Mon Sep 17 00:00:00 2001
From: Samuel Giddins <segiddins@segiddins.me>
Date: Tue, 19 Nov 2024 11:58:12 -0800
Subject: [PATCH] Add more filters to api_key/version to help measure trusted
 publishing & attestation adoption (#5256)

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>
---
 app/avo/resources/api_key.rb |  2 ++
 app/avo/resources/version.rb |  5 +++++
 app/models/api_key.rb        |  3 +++
 app/models/version.rb        | 16 ++++++++++++++++
 4 files changed, 26 insertions(+)

diff --git a/app/avo/resources/api_key.rb b/app/avo/resources/api_key.rb
index c3c2251565e..4e47a01baf2 100644
--- a/app/avo/resources/api_key.rb
+++ b/app/avo/resources/api_key.rb
@@ -3,9 +3,11 @@ class Avo::Resources::ApiKey < Avo::BaseResource
   self.includes = []
 
   class ExpiredFilter < Avo::Filters::ScopeBooleanFilter; end
+  class TrustedPublisherFilter < Avo::Filters::ScopeBooleanFilter; end
 
   def filters
     filter ExpiredFilter, arguments: { default: { expired: false, unexpired: true } }
+    filter TrustedPublisherFilter, arguments: { default: { trusted_publisher: true, not_trusted_publisher: true } }
   end
 
   def fields
diff --git a/app/avo/resources/version.rb b/app/avo/resources/version.rb
index 4e3e14de176..80c46c18658 100644
--- a/app/avo/resources/version.rb
+++ b/app/avo/resources/version.rb
@@ -13,9 +13,13 @@ def actions
   end
 
   class IndexedFilter < Avo::Filters::ScopeBooleanFilter; end
+  class TrustedPublisherFilter < Avo::Filters::ScopeBooleanFilter; end
+  class AttestationFilter < Avo::Filters::ScopeBooleanFilter; end
 
   def filters
     filter IndexedFilter, arguments: { default: { indexed: true, yanked: true } }
+    filter TrustedPublisherFilter, arguments: { default: { pushed_with_trusted_publishing: true, pushed_without_trusted_publishing: true } }
+    filter AttestationFilter, arguments: { default: { with_attestations: true, without_attestations: true } }
   end
 
   def fields # rubocop:disable Metrics
@@ -74,6 +78,7 @@ def fields # rubocop:disable Metrics
       field :dependencies, as: :has_many
       field :gem_download, as: :has_one, name: "Downloads"
       field :deletion, as: :has_one
+      field :attestations, as: :has_many
     end
   end
 end
diff --git a/app/models/api_key.rb b/app/models/api_key.rb
index 924bf5fc3f2..efc228ced38 100644
--- a/app/models/api_key.rb
+++ b/app/models/api_key.rb
@@ -38,6 +38,9 @@ class ScopeError < RuntimeError; end
   scope :oidc, -> { joins(:oidc_id_token) }
   scope :not_oidc, -> { where.missing(:oidc_id_token) }
 
+  scope :trusted_publisher, -> { where("owner_type like ?", "OIDC::TrustedPublisher::%") }
+  scope :not_trusted_publisher, -> { where("owner_type not like ?", "OIDC::TrustedPublisher::%") }
+
   def self.expire_all!
     transaction do
       unexpired.find_each.all?(&:expire!)
diff --git a/app/models/version.rb b/app/models/version.rb
index f3aa3e75413..7dee3eb7fe4 100644
--- a/app/models/version.rb
+++ b/app/models/version.rb
@@ -197,6 +197,22 @@ def self.created_between(start_time, end_time)
     where(created_at: start_time..end_time).order(:created_at, :id)
   end
 
+  def self.pushed_with_trusted_publishing
+    joins(:pusher_api_key).merge(ApiKey.trusted_publisher)
+  end
+
+  def self.pushed_without_trusted_publishing
+    left_joins(:pusher_api_key).merge(ApiKey.not_trusted_publisher.or(where(pusher_api_key: nil).only(:where)))
+  end
+
+  def self.with_attestations
+    where.associated(:attestations)
+  end
+
+  def self.without_attestations
+    where.missing(:attestations)
+  end
+
   def platformed?
     platform != "ruby"
   end