Skip to content

feat(db): add indexed CVE column to ImageCVEInfo table#18822

Merged
ajheflin merged 4 commits intomasterfrom
ajheflin/add-cve-column
Feb 4, 2026
Merged

feat(db): add indexed CVE column to ImageCVEInfo table#18822
ajheflin merged 4 commits intomasterfrom
ajheflin/add-cve-column

Conversation

@ajheflin
Copy link
Contributor

@ajheflin ajheflin commented Feb 3, 2026
edited
Loading

Description

Add a dedicated cve column with btree index to the ImageCVEInfo table to enable efficient lookups by CVE name without parsing the composite ID.

This allows queries like:

SELECT min(first_system_occurrence) FROM image_cve_infos WHERE cve=$1;

Previously, the CVE was only stored as part of the composite primary key (cve#package#datasource), requiring string parsing for CVE lookups.

Changes:

  • Add cve field (field 4) to ImageCVEInfo proto with btree index
  • Populate Cve field in both image datastore implementations
  • Update tests to include the new field
  • Regenerate postgres schema and proto bindings

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • modified existing tests

How I validated my change

  • Verified all modified packages compile successfully
  • Verified test files compile with sql_integration build tag
  • Confirmed generated schema includes the new indexed column: 
    Cve string `gorm:"column:cve;type:varchar;index:imagecveinfos_cve,type:btree"`

🤖 Generated with Claude Code

@ajheflin @claude
feat(db): add indexed CVE column to ImageCVEInfo table
54a4991 
Add a dedicated `cve` column with btree index to ImageCVEInfo table to
enable efficient lookups by CVE name without parsing the composite ID.

This allows queries like:
  SELECT min(first_system_occurrence) FROM image_cve_infos WHERE cve=$1;

Previously, the CVE was only stored as part of the composite primary key
(cve#package#datasource), requiring string parsing for CVE lookups.

Changes:
- Add cve field (field #4) to ImageCVEInfo proto with btree index
- Populate Cve field in both image datastore implementations
- Update tests to include the new field
- Regenerate postgres schema and proto bindings

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@openshift-ci
Copy link

openshift-ci bot commented Feb 3, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@ajheflin ajheflin marked this pull request as ready for review February 3, 2026 18:52
@ajheflin ajheflin requested a review from a team as a code owner February 3, 2026 18:52
dashrews78
dashrews78 reviewed Feb 3, 2026
View reviewed changes
@dashrews78
Copy link
Contributor

dashrews78 commented Feb 3, 2026

Should check with @charmik-redhat to make sure that search tag won't cause us issues with the join logic. I'm pretty sure this is OK because the image info schema doesn't reference any other schema so the search framework should not find any random joins.

@rhacs-bot
Copy link
Contributor

rhacs-bot commented Feb 3, 2026
edited
Loading

Images are ready for the commit at 7cb5c33.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.11.x-29-g7cb5c33f35.

@codecov
Copy link

codecov bot commented Feb 3, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 80.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 49.40%. Comparing base (ac4ec9a) to head (7cb5c33).
⚠️ Report is 5 commits behind head on master.

Files with missing lines Patch % Lines
central/imagev2/datastore/datastore_impl.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #18822      +/-   ##
==========================================
+ Coverage   49.38%   49.40%   +0.01%     
==========================================
  Files        2659     2659              
  Lines      200749   200615     -134     
==========================================
- Hits        99139    99106      -33     
+ Misses      94169    94092      -77     
+ Partials     7441     7417      -24
Flag Coverage Δ
go-unit-tests 49.40% <80.00%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@charmik-redhat
Copy link
Contributor

charmik-redhat commented Feb 3, 2026
edited
Loading

Should check with @charmik-redhat to make sure that search tag won't cause us issues with the join logic. I'm pretty sure this is OK because the image info schema doesn't reference any other schema so the search framework should not find any random joins.

I asked you the same thing in another comment lol

The getJoinsAndFields func needs a root schema and this table isn't related to any other tables. So it shouldn't select this table to join with others.

@ajheflin ajheflin enabled auto-merge (squash) February 3, 2026 22:39
dcaravel
dcaravel approved these changes Feb 4, 2026
View reviewed changes
Copy link
Contributor

@dcaravel dcaravel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ajheflin @claude
fix: regenerate token_service.pb.go to match CI protoc output
7cb5c33 
The previous commit had alignment padding in the proto-generated file
that differs from what the CI protoc version produces. Regenerated
to fix the check-generated-files CI failure.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@openshift-ci
Copy link

openshift-ci bot commented Feb 4, 2026
edited
Loading

@ajheflin: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/ocp-4-12-scanner-v4-install-tests 536c196 link false /test ocp-4-12-scanner-v4-install-tests
ci/prow/ocp-4-12-qa-e2e-tests 536c196 link false /test ocp-4-12-qa-e2e-tests
ci/prow/ocp-4-20-ui-e2e-tests 7cb5c33 link false /test ocp-4-20-ui-e2e-tests

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@ajheflin
Copy link
Contributor Author

ajheflin commented Feb 4, 2026

/retest

@ajheflin ajheflin merged commit 20cfa42 into master Feb 4, 2026
98 of 103 checks passed
@ajheflin ajheflin deleted the ajheflin/add-cve-column branch February 4, 2026 03:08
@rhacs-bot
Copy link
Contributor

rhacs-bot commented Feb 4, 2026

The backport to release-4.10 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-release-4.10 release-4.10
# Navigate to the new working tree
cd .worktrees/backport-release-4.10
# Create a new branch
git switch --create backport-18822-to-release-4.10
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 20cfa42f68facbae0370a14055b232308f9577f9
# Push it to GitHub
git push --set-upstream origin backport-18822-to-release-4.10
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-release-4.10

Then, create a pull request where the base branch is release-4.10 and the compare/head branch is backport-18822-to-release-4.10.

ajheflin added a commit that referenced this pull request Feb 4, 2026
@ajheflin @claude
feat(db): add indexed CVE column to ImageCVEInfo table (#18822)
0045a72 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
(cherry picked from commit 20cfa42)
@ajheflin ajheflin mentioned this pull request Feb 4, 2026
Merged
9 tasks
ajheflin added a commit that referenced this pull request Feb 4, 2026
@ajheflin @claude
feat(db): add indexed CVE column to ImageCVEInfo table (#18822)
7b1bc76 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
(cherry picked from commit 20cfa42)
ajheflin added a commit that referenced this pull request Feb 4, 2026
@ajheflin @claude
feat(db): add indexed CVE column to ImageCVEInfo table (#18822)
a07c07b 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
(cherry picked from commit 20cfa42)
ajheflin added a commit that referenced this pull request Feb 4, 2026
@ajheflin @claude
feat(db): add indexed CVE column to ImageCVEInfo table (#18822)
a64746e 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
ajheflin added a commit that referenced this pull request Feb 4, 2026
@ajheflin @claude
feat(db): add indexed CVE column to ImageCVEInfo table (#18822)
2bfd471 
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@charmik-redhat charmik-redhat charmik-redhat approved these changes

@dashrews78 dashrews78 dashrews78 approved these changes

@dcaravel dcaravel dcaravel approved these changes

@ksurabhi91 ksurabhi91 Awaiting requested review from ksurabhi91

@AlexVulaj AlexVulaj Awaiting requested review from AlexVulaj

@c-du c-du Awaiting requested review from c-du

@clickboo clickboo Awaiting requested review from clickboo

Assignees

No one assigned

Labels

ai-assisted area/central area/postgres backport release-4.10

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ajheflin @dashrews78 @rhacs-bot @charmik-redhat @dcaravel