From 6e2e58594eecbafba2f2b065913eef0c9e5219d9 Mon Sep 17 00:00:00 2001
From: Germain Tchuinkam <gtchuinkam@atlassian.com>
Date: Thu, 10 Oct 2024 11:29:37 -0400
Subject: [PATCH 1/4] Added import metrics for better observability

---
 package.json                           | 1 +
 src/resolvers/import-queue-resolver.ts | 5 +++++
 yarn.lock                              | 9 +++++++++
 3 files changed, 15 insertions(+)

diff --git a/package.json b/package.json
index 28c4785..07b5626 100644
--- a/package.json
+++ b/package.json
@@ -40,6 +40,7 @@
     "@forge/bridge": "^3.5.0",
     "@forge/events": "^0.9.1",
     "@forge/resolver": "^1.5.39",
+    "@forge/metrics": "0.2.17",
     "@forge/ui": "^1.1.0",
     "exponential-backoff": "^3.1.0",
     "js-yaml": "^4.1.0",
diff --git a/src/resolvers/import-queue-resolver.ts b/src/resolvers/import-queue-resolver.ts
index 03eaac5..47956f1 100644
--- a/src/resolvers/import-queue-resolver.ts
+++ b/src/resolvers/import-queue-resolver.ts
@@ -1,6 +1,7 @@
 import { CreateLinkInput } from '@atlassian/forge-graphql';
 import Resolver from '@forge/resolver';
 import { storage } from '@forge/api';
+import { internalMetrics } from '@forge/metrics';
 import { backOff, IBackOffOptions } from 'exponential-backoff';
 
 import { createComponent, updateComponent } from '../client/compass';
@@ -36,6 +37,7 @@ const setFailedRepositoriesToStore = async (project: ImportableProject) => {
 };
 
 resolver.define('import', async (req) => {
+  internalMetrics.counter('compass.gitlab.import.start').incr();
   const { createProjectData } = req.payload as ReqPayload;
 
   // Added this sleep to add some "jitter", and make progress more user-friendly
@@ -86,8 +88,10 @@ resolver.define('import', async (req) => {
       }
 
       if ('err' in updatedComponent) {
+        internalMetrics.counter('compass.bitbucket.import.end.fail').incr();
         await setFailedRepositoriesToStore(project);
       } else {
+        internalMetrics.counter('compass.bitbucket.import.end.success').incr();
         console.log(
           `GitLab project was imported.
         Compass component - ${updatedComponent.id} was updated.`,
@@ -95,6 +99,7 @@ resolver.define('import', async (req) => {
       }
     }
   } catch (err) {
+    internalMetrics.counter('compass.bitbucket.import.end.fail').incr();
     console.error(`Failed to create or update compass component for project "${id}" after all retries`, err);
 
     await setFailedRepositoriesToStore(project);
diff --git a/yarn.lock b/yarn.lock
index 10f5655..72afbb4 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1155,6 +1155,15 @@
     lodash "^4.17.21"
     yaml "^2.3.4"
 
+"@forge/metrics@0.2.17":
+  version "0.2.17"
+  resolved "https://packages.atlassian.com/api/npm/npm-remote/@forge/metrics/-/metrics-0.2.17.tgz#4f2f8e6ad59c0ec2bb3a225a8174a1b2e8a313f9"
+  integrity sha512-teQUgLUUIsYBdeuJm90FmdIz46geejel5MgvB+ztind3dmt4bNoj2+qe1DgnNoSvSHHLnqMSO1+reG4FEMSG4A==
+  dependencies:
+    "@forge/api" "3.9.1"
+    "@forge/runtime" "5.10.1"
+    "@forge/util" "1.4.4"
+
 "@forge/resolver@^1.5.39":
   version "1.5.39"
   resolved "https://packages.atlassian.com/api/npm/npm-remote/@forge/resolver/-/resolver-1.5.39.tgz#061d26c3c3c9491778dea0a87e492c0a388cb807"

From 98074a9c8fb79f709fcdb8483517c6a85de95d15 Mon Sep 17 00:00:00 2001
From: Germain Tchuinkam <gtchuinkam@atlassian.com>
Date: Thu, 10 Oct 2024 11:43:29 -0400
Subject: [PATCH 2/4] Bump packages

---
 package.json |  4 ++--
 yarn.lock    | 24 ++++++++++++++++++------
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/package.json b/package.json
index 07b5626..742b926 100644
--- a/package.json
+++ b/package.json
@@ -36,11 +36,11 @@
   },
   "dependencies": {
     "@atlassian/forge-graphql": "13.12.0",
-    "@forge/api": "^3.9.1",
+    "@forge/api": "^3.9.2",
     "@forge/bridge": "^3.5.0",
     "@forge/events": "^0.9.1",
     "@forge/resolver": "^1.5.39",
-    "@forge/metrics": "0.2.17",
+    "@forge/metrics": "0.2.18",
     "@forge/ui": "^1.1.0",
     "exponential-backoff": "^3.1.0",
     "js-yaml": "^4.1.0",
diff --git a/yarn.lock b/yarn.lock
index 72afbb4..2ae18a2 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -925,7 +925,7 @@
     minimatch "^3.0.4"
     strip-json-comments "^3.1.1"
 
-"@forge/api@3.9.1", "@forge/api@^3.9.1":
+"@forge/api@3.9.1":
   version "3.9.1"
   resolved "https://packages.atlassian.com/api/npm/npm-remote/@forge/api/-/api-3.9.1.tgz#8ee05217006e979817b89d753ff9465f614646d5"
   integrity sha512-FUQ0WMZ3lZOe/7H5BAA4hhnm7Q4/KAIMuK2y3vlh9gp55n176zRwY/MvvNWmi/QIi1mHRQsXErAMbPM+dmw3hA==
@@ -937,6 +937,18 @@
     "@types/node-fetch" "^2.6.11"
     node-fetch "2.7.0"
 
+"@forge/api@3.9.2", "@forge/api@^3.9.2":
+  version "3.9.2"
+  resolved "https://packages.atlassian.com/api/npm/npm-remote/@forge/api/-/api-3.9.2.tgz#5b2634aae778201c0bd43d65e4a17ea46aeccc27"
+  integrity sha512-KyjmHkyZLumb2qcSble4A/gHrH0blx+Mn3Zrs+4JlBYgs+iUFp5HW3o2Ui8ITBN+xtnVwQg8KAz1D88foGtW8A==
+  dependencies:
+    "@forge/auth" "0.0.5"
+    "@forge/egress" "1.2.13"
+    "@forge/storage" "1.5.15"
+    "@forge/util" "1.4.4"
+    "@types/node-fetch" "^2.6.11"
+    node-fetch "2.7.0"
+
 "@forge/api@^2.21.0":
   version "2.22.1"
   resolved "https://registry.yarnpkg.com/@forge/api/-/api-2.22.1.tgz#3ecafc63816669b1b0b7d9d28d8c6a2a7365dfb7"
@@ -1155,12 +1167,12 @@
     lodash "^4.17.21"
     yaml "^2.3.4"
 
-"@forge/metrics@0.2.17":
-  version "0.2.17"
-  resolved "https://packages.atlassian.com/api/npm/npm-remote/@forge/metrics/-/metrics-0.2.17.tgz#4f2f8e6ad59c0ec2bb3a225a8174a1b2e8a313f9"
-  integrity sha512-teQUgLUUIsYBdeuJm90FmdIz46geejel5MgvB+ztind3dmt4bNoj2+qe1DgnNoSvSHHLnqMSO1+reG4FEMSG4A==
+"@forge/metrics@0.2.18":
+  version "0.2.18"
+  resolved "https://packages.atlassian.com/api/npm/npm-remote/@forge/metrics/-/metrics-0.2.18.tgz#bf5068459e9876510be1f2a7babf75f3e5fce326"
+  integrity sha512-L4dPf1Pb8RjGgbLvk2zA1+rww6Uxp8Pa4O5YrWSrvrKvsT/m6nWKv1xrl6Qk5OTeBhp6He2Sf3/3wwJURT3U2A==
   dependencies:
-    "@forge/api" "3.9.1"
+    "@forge/api" "3.9.2"
     "@forge/runtime" "5.10.1"
     "@forge/util" "1.4.4"
 

From b6c58f2c08617593b96dcb4689a78b044b9e0633 Mon Sep 17 00:00:00 2001
From: Germain Tchuinkam <gtchuinkam@atlassian.com>
Date: Thu, 10 Oct 2024 11:51:39 -0400
Subject: [PATCH 3/4] Fix snyk VULN

---
 package.json |  3 +++
 yarn.lock    | 18 ++++--------------
 2 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/package.json b/package.json
index 742b926..0a7282d 100644
--- a/package.json
+++ b/package.json
@@ -47,6 +47,9 @@
     "lodash": "^4.17.21",
     "url-parse": "^1.5.10"
   },
+  "resolutions": {
+    "ws": "8.17.1"
+  },
   "scripts": {
     "compile": "tsc --noEmit",
     "prepare": "husky install",
diff --git a/yarn.lock b/yarn.lock
index 2ae18a2..02cccaf 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -9749,20 +9749,10 @@ write-file-atomic@^3.0.0:
     signal-exit "^3.0.2"
     typedarray-to-buffer "^3.1.5"
 
-ws@^7.3.1, ws@^7.5.9:
-  version "7.5.9"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.9.tgz#54fa7db29f4c7cec68b1ddd3a89de099942bb591"
-  integrity sha512-F+P9Jil7UiSKSkppIiD94dN07AwvFixvLIj1Og1Rl9GGMuNipJnV9JzjD6XuqmAeiswGvUmNLjr5cFuXwNS77Q==
-
-ws@^7.4.6:
-  version "7.5.7"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.7.tgz#9e0ac77ee50af70d58326ecff7e85eb3fa375e67"
-  integrity sha512-KMvVuFzpKBuiIXW3E4u3mySRO2/mCHSyZDJQM5NQ9Q9KHWHWh0NHgfbRMLLrceUK5qAL4ytALJbpRMjixFZh8A==
-
-ws@^8.13.0:
-  version "8.14.2"
-  resolved "https://registry.yarnpkg.com/ws/-/ws-8.14.2.tgz#6c249a806eb2db7a20d26d51e7709eab7b2e6c7f"
-  integrity sha512-wEBG1ftX4jcglPxgFCMJmZ2PLtSbJ2Peg6TmpJFTbe9GZYOQCDPdMYu/Tm0/bGZkw8paZnJY45J4K2PZrLYq8g==
+ws@8.17.1, ws@^7.3.1, ws@^7.4.6, ws@^7.5.9, ws@^8.13.0:
+  version "8.17.1"
+  resolved "https://packages.atlassian.com/api/npm/npm-remote/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b"
+  integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==
 
 xml-name-validator@^3.0.0:
   version "3.0.0"

From 03e621114b0ede49d53f496d6642496dd7d74365 Mon Sep 17 00:00:00 2001
From: Germain Tchuinkam <gtchuinkam@atlassian.com>
Date: Tue, 15 Oct 2024 13:39:52 -0400
Subject: [PATCH 4/4] Pipeline fixes

---
 package.json | 3 ---
 yarn.lock    | 9 +++++++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index a558d05..969b399 100644
--- a/package.json
+++ b/package.json
@@ -47,9 +47,6 @@
     "lodash": "^4.17.21",
     "url-parse": "^1.5.10"
   },
-  "resolutions": {
-    "ws": "8.17.1"
-  },
   "scripts": {
     "compile": "tsc --noEmit",
     "prepare": "husky install",
diff --git a/yarn.lock b/yarn.lock
index 03d75f0..b3127d6 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -937,7 +937,7 @@
     "@types/node-fetch" "^2.6.11"
     node-fetch "2.7.0"
 
-"@forge/api@3.9.2", "@forge/api@^3.9.2":
+"@forge/api@3.9.2", "@forge/api@^3.9.1":
   version "3.9.2"
   resolved "https://packages.atlassian.com/api/npm/npm-remote/@forge/api/-/api-3.9.2.tgz#5b2634aae778201c0bd43d65e4a17ea46aeccc27"
   integrity sha512-KyjmHkyZLumb2qcSble4A/gHrH0blx+Mn3Zrs+4JlBYgs+iUFp5HW3o2Ui8ITBN+xtnVwQg8KAz1D88foGtW8A==
@@ -9749,7 +9749,12 @@ write-file-atomic@^3.0.0:
     signal-exit "^3.0.2"
     typedarray-to-buffer "^3.1.5"
 
-ws@8.17.1, ws@^7.3.1, ws@^7.4.6, ws@^7.5.9, ws@^8.13.0:
+ws@^7.3.1, ws@^7.4.6, ws@^7.5.9:
+  version "7.5.10"
+  resolved "https://packages.atlassian.com/api/npm/npm-remote/ws/-/ws-7.5.10.tgz#58b5c20dc281633f6c19113f39b349bd8bd558d9"
+  integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==
+
+ws@^8.13.0:
   version "8.17.1"
   resolved "https://packages.atlassian.com/api/npm/npm-remote/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b"
   integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==