Skip to content

(breaking change): Remove API call to query for a user's most recent notification. Code locations by Detect will be created without querying notifications API. #475

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
shantyk merged 6 commits into from
Apr 16, 2026
Merged

(breaking change): Remove API call to query for a user's most recent notification. Code locations by Detect will be created without querying notifications API. #475

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
0e1a8fa
WIP: alternative for notification APIs
shantyk Apr 6, 2026
d8a20ad
Update intelligent persistent BDIO upload methods with alternative th…
shantyk Apr 13, 2026
84dfbfd
Binary scan alternative
shantyk Apr 14, 2026
7e10c6a
Add back -SNAPSHOT suffix the version in build.gradle
shantyk Apr 16, 2026
b0411c3
Remove getLatestuserNotification() method and replace any uses with t…
shantyk Apr 16, 2026
326f1a3
Bump major version
shantyk Apr 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ project.ext.moduleName = 'com.blackduck.integration.blackduck-common'
project.ext.javaUseAutoModuleName = 'true'
project.ext.junitShowStandardStreams = 'true'

version = '67.0.21-SNAPSHOT'
version = '67.0.21'
Comment thread
shantyk marked this conversation as resolved.
Outdated

description = 'A library for using various capabilities of Black Duck, notably the REST API and signature scanning.'

Expand Down
6 changes: 6 additions & 0 deletions ...in/java/com/blackduck/integration/blackduck/codelocation/CodeLocationCreationService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,12 @@ public <T extends CodeLocationBatchOutput<?>> CodeLocationCreationData<T> create
return new CodeLocationCreationData<>(notificationTaskRange, output);
}

public <T extends CodeLocationBatchOutput<?>> CodeLocationCreationData<T> createCodeLocationsWithoutNotificationTaskRange(CodeLocationCreationRequest<T> codeLocationCreationRequest) throws IntegrationException {
T output = codeLocationCreationRequest.executeRequest();

return new CodeLocationCreationData<>(null, output);
}

public <T extends CodeLocationBatchOutput<?>> T createCodeLocationsAndWait(CodeLocationCreationRequest<T> codeLocationCreationRequest, long timeoutInSeconds) throws IntegrationException, InterruptedException {
return createCodeLocationsAndWait(codeLocationCreationRequest, timeoutInSeconds, DEFAULT_WAIT_INTERVAL_IN_SECONDS);
}
Expand Down
5 changes: 5 additions & 0 deletions ...egration/blackduck/codelocation/intelligentpersistence/IntelligentPersistenceService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,11 @@ public CodeLocationCreationData<UploadBatchOutput> uploadBdio(UploadBatch upload
return uploadBdio(uploadRequest);
}

public CodeLocationCreationData<UploadBatchOutput> uploadBdioWithoutNotificationsQuery(UploadBatch uploadBatch, long timeoutInSeconds, long clientStartTime) throws IntegrationException {
IntelligentPersistenceCodeLocationCreationRequest uploadRequest = this.createUploadRequest(uploadBatch, timeoutInSeconds, clientStartTime);
return codeLocationCreationService.createCodeLocationsWithoutNotificationTaskRange(uploadRequest);
}

public UploadBatchOutput uploadBdioAndWait(CodeLocationCreationRequest<UploadBatchOutput> uploadRequest, long timeoutInSeconds) throws IntegrationException, InterruptedException {
return codeLocationCreationService.createCodeLocationsAndWait(uploadRequest, timeoutInSeconds);
}
Expand Down
1 change: 1 addition & 0 deletions ...ain/java/com/blackduck/integration/blackduck/service/dataservice/NotificationService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,7 @@ public Date getLatestNotificationDate() throws IntegrationException {
* @throws IntegrationException
*/
public Date getLatestUserNotificationDate(UserView userView) throws IntegrationException {
logger.warn("Fetching latest notification date for user via a low‑performance API.");
Copy link
Copy Markdown

@psantos1113 psantos1113 Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we are warning this method is low performance which API is more performant? Is the more performant API used and this method is a fallback? By warning that this API is in use if we don't use the more performant API and this message appears in the logs a customer may question why are we using an API with low performance and why aren't we using a more performant API. So we will need to be prepared for those questions if we are now informing on the performance of this API.

Copy link
Copy Markdown
Contributor Author

@shantyk shantyk Apr 16, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is a very good point you raise, and maybe the removal of this method entirely is a better move. Since this is a shared library, I kept the changes limited to what affects Detect only. If I can confirm that Alert also does not use this method, we can safely get rid of it. Below are answers to your questions that will hopefully clear things up:

  1. If we are warning this method is low performance which API is more performant? Is the more performant API used and this method is a fallback? This method is actually obsolete from Detect's perspective, but kept since this is a shared library and I couldn't be sure it wouldn't affect Alert team. Going forward, Detect no longer queries a user's most recent notification (see Detect PR linked in description). The true motivation behind this log statement was to make QA testing easier and spot any missed uses of this API from Detect, if any.
  2. Logs customers may see: Since Detect no longer makes this call, this log statement will never show up. But since you pointed it out, I'm thinking leaving a log statement just to make sure it never shows up is an odd way to do things. I am confident QA will not see this in the logs for any of our scans, across Hub versions, etc. Trace logs can of course confirm this also, I just wanted to make it a little easier to spot by QA. Somewhat related: we do query notifications endpoint (via some other method) in only one remaining edge case due to backwards compatibility needs and for that users see something like this in the Detect logs:
DEBUG [main] --- Using legacy binary scan upload method. This can be slow, consider upgrading to a newer version of Black Duck SCA to enable multipart uploading if possible.
INFO  [main] --- Preparing to upload binary scan file: /Users/shanty/blackduck/example-source/binaries/ifm.tar
DEBUG [main] --- Will use old notifications based waiting for the following code locations: [ifm.tar/shanty-testing/testing binary]
...
DEBUG [main] --- Will use old notifications based waiting for the following code locations: [ifm.tar/shanty-testing/testing binary]
DEBUG [main] --- Notifications after Tue Apr 14 04:47:10 MDT 2026 will be considered.

Sorry for the wall of text, hope that answers your questions. Do you suggest the complete removal of this method? (affects upstream methods and mostly just test cases within this lib)

Copy link
Copy Markdown

@psantos1113 psantos1113 Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you. Your points are valid here I just wanted to avoid confusion for our customers and support. If you remove the method that would be a breaking change, so the version needs to change to the next major version. I have looked and Alert does not make this call so it will not be affected either.

Copy link
Copy Markdown
Contributor Author

@shantyk shantyk Apr 16, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed the method getLatestuserNotification() and replaced any uses with the current date instead (this is what Detect does now as well). The reason for fetching latest notification timestamp was just to create a time window for checking new notifications, so the current timestamp works for our use cases just as well and all tests pass.

+Bumped major version.

@psantos1113 @DanaMaxfield Would you mind taking a look when you get a chance at the last 2 commits? Thank you!

BlackDuckRequestBuilder blackDuckRequestBuilder = createLatestDateRequestBuilder();
BlackDuckMultipleRequest<NotificationUserView> requestMultiple = blackDuckRequestBuilder.buildBlackDuckRequest(userNotificationsResponses.apply(userView));
List<NotificationUserView> userNotifications = blackDuckApiClient.getSomeResponses(requestMultiple, 1);
Expand Down