Skip to content

Add release-group issue-listing commands (including ignored-issue rollup) #26

Description

@saramaebee

Why

Reconciling "RG header shows N unresolved issues but Σ per-project counts
come out higher" is a common support workflow. The answer is usually a mix
of (a) cross-project revision-level dedup and (b) issues ignored at the RG
scope. fossapi can't do either side of this today.

Two server endpoints are relevant:

  1. GET /api/project_group/{rg_id}/release/{release_id}/issues — active
    issues only (full per-issue records). Useful for diffing by logical key.
  2. GET /api/v2/issues/revisions with scope[type]=releaseGroup — the
    rollup-by-revision endpoint the webapp uses on the RG dashboard. This is
    the only way to retrieve the RG-scoped ignored set.

Current workaround

# Active issues (detailed)
curl -sH "Authorization: Bearer $FOSSA_API_KEY" \
  "https://app.fossa.com/api/project_group/1234/release/5678/issues"

# Ignored issues (rollup-by-revision, UI endpoint)
curl -sH "Authorization: Bearer $FOSSA_API_KEY" \
  "https://app.fossa.com/api/v2/issues/revisions?\
category=licensing&status=ignored\
&scope[type]=releaseGroup&scope[id]=1234&scope[release]=5678\
&sort=issue_count_desc&page=1&count=200"

Rollup response shape:

{
  "revisions": [
    {
      "revisionId": "mvn+example:pkg$1.0.0",
      "dependencyName": "Example Package",
      "issueCount": 3,
      "projectCount": 5,
      "type": {"policy_flag": 3},
      "depth": {"transitive": 5}
    }
  ]
}

Notable limitation on the v1 endpoint: no query param exposes ignored
issues. Tested ?status=ignored, ?showIgnored=true, ?ignored=true,
?includeResolved=true, ?apply_resolutions=false — all return the
identical active-only set. So you can't reconcile counts using v1 alone.

Proposed CLI surface

# Detailed active issues (v1 shape):
fossapi list release-group-issues <rg_id> [--release <id>] \
    [--category licensing|vulnerability|quality] [--json]

# Rollup including ignored (v2 shape):
fossapi list release-group-issue-rollup <rg_id> [--release <id>] \
    --status active|ignored|all \
    [--category licensing|vulnerability|quality] [--json]

Repro

# "How many issues are ignored at the RG level for RG 1234's latest release?"
# Today: two-step curl + JSON grouping by hand.
# Desired:
fossapi list release-group-issue-rollup 1234 --status ignored --json \
  | jq '[.revisions[].issueCount] | add'

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions