-
Notifications
You must be signed in to change notification settings - Fork 0
Modifying release groups
Here's a walkthrough on how to add/modify projects to/in a release group.
The API is POST https://app.fossa.com/api/project_group. Here's an example payload:
{
"title": "Test-Name",
"release": {
"projects": [{
"projectId": "custom+1xxx9/python-test",
"branch": "master",
"revisionId": "custom+1xxx9/python-test$2023-03-01T14:56:57Z"
}, {
"projectId": "custom+1xxx9/github.com/fossas/fossa-vendored-dependencies-test",
"branch": "master",
"revisionId": "custom+1xxx9/github.com/fossas/fossa-vendored-dependencies-test$c75cfe87e51a34eeaf4fff393cc1bcc5b62b6697"
}, {
"projectId": "custom+1xxx9/[email protected]:fossas/post_sales_scripts.git",
"branch": "main",
"revisionId": "custom+1xxx9/[email protected]:fossas/post_sales_scripts.git$ce78dcbb04fb232e5a5956dac90545d95829340a"
}, {
"projectId": "custom+1xxx9/c-cpp-test",
"branch": "master",
"revisionId": "custom+1xxx9/c-cpp-test$2022-12-09T22:39:16Z"
}],
"title": "Test-Release"
},
"licensingPolicyId": 32585,
"securityPolicyId": 77403,
"teams": [1768, 2000]
}
This assumes the teams have access to the projects in the release group. If not, you would have to run this endpoint first: PUT https://app.fossa.com/api/teams/<team id>/projects
Here's an example payload of that:
{
"projects": [
"custom+1xxx9/python-test",
"custom+1xxx9/github.com/fossas/fossa-vendored-dependencies-test",
"custom+1xxx9/[email protected]:fossas/post_sales_scripts.git",
"custom+1xxx9/c-cpp-test"
],
"action": "add"
}
If you want to use the latest revision of the projects you want in the release group, please see this guide.
Do note that specifying the policies and teams are optional though, so you'd have to adjust the first request payload above accordingly.
Here's the endpoint: PUT https://app.fossa.com/api/project_group/<project-group-id>/release/<release-group-id>,
where <project-group-id> is basically the ID of the release group and <release-group-id> is the version of release group.
Here's the request payload to update an existing release group:
{
"title": "<specify-existing-version>",
"projects": [{
"projectId": "<project-locator>",
"branch": "<branch>",
"revisionId": "<project-locator>$<revision-id>"
"projectsToDelete": []
}
Example:
{
"title": "1.0",
"projects": [{
"projectId": "custom+1xxx9/dummycom/experience-everything/experience-something",
"branch": "main",
"revisionId": "custom+1xxx9/dummycom/experience-everything/experience-something$some-revision-id"
}],
"projectsToDelete": []
}
Compared to the UI (when this endpoint is used), FOSSA will PUT the existing projects, plus the new ones you added, like so:
{
"title": "1.0",
"projects": [{
"projectId": "custom+1xxx9/dummycom/experience-everything/experience-something",
"branch": "main",
"revisionId": "custom+1xxx9/dummycom/experience-everything/experience-something$some-revision-id",
"projectGroupReleaseId": <release-group-id>
}, {
"projectId": "custom+1xxx9/dummycom/experience-everything/experience-something",
"branch": "main",
"revisionId": "custom+1xxx9/dummycom/experience-everything/experience-something$some-revision-id"
}
}],
"projectsToDelete": []
}
Notice the first project has the projectGroupReleaseId attribute in the payload.
Here's an example request call. Please note that this is a PUT request, not a POST request:
curl --location --request PUT 'https://app.fossa.com/api/project_group/123/release/1234 ' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <full-access-token>' \
--data '{
"title": "112",
"projects": [
{
"projectId": "custom+<org-id>/test-proj",
"branch": "v2023-summer-release",
"revisionId": "custom+1xxx9/test-proj$revision123"
}
],
"projectsToDelete": []
}'
You can get the latest revision by sorting the response by updatedAt
API: https://app.fossa.com/api/revisions?projectId=<url-encoded-project-locator>
It could mean that you have duped projects in the request payload.