Fix an issue with missing ancestor entries

[ctron]

Performing a query on the analysis endpoints is omitting ancestor elements in some cases.

Ref: https://issues.redhat.com/browse/TC-3170

[sourcery-ai]

Reviewer's Guide

This PR streamlines endpoint tests with a unified request builder, refactors core SBOM collection and resolution routines to return Results (with improved error propagation, logging, and helper extraction), updates service loading to handle external SBOMs declaratively, and adds a deep subset test alongside minor ingestion tweaks.

Sequence diagram for improved SBOM external resolution and graph loading

sequenceDiagram
    participant Service as AnalysisService
    participant Loader as InnerService
    participant DB as Database
    participant Collector
    Service->>Loader: load_graphs_inner(connection, sbom_ids, seen)
    loop for each sbom_id
        Loader->>DB: Query SBOM by ID
        DB-->>Loader: SBOM data
        Loader->>DB: Query external nodes for SBOM
        DB-->>Loader: External node list
        loop for each external node
            Loader->>DB: resolve_external_sbom(node_id, connection)
            DB-->>Loader: Option<ResolvedSbom>
            alt ResolvedSbom found
                Loader->>Loader: Recursively load_graphs_inner for resolved SBOM
            else Not found
                Loader->>Loader: Log warning, skip
            end
        end
    end
    Loader-->>Service: Vec<(String, Arc<PackageGraph>)>

Loading

Class diagram for refactored Collector and related helper methods

classDiagram
    class Collector {
        +collect() Result<Option<Vec<Node>>, Error>
        +collect_graph() Result<Vec<Node>, Error>
        -collect_external(external_node: &ExternalNode) Result<Option<Vec<Node>>, Error>
        -collect_package(current_node: &PackageNode) Result<Option<Vec<Node>>, Error>
    }
    class Node
    class Error
    class ExternalNode
    class PackageNode
    Collector --> Node
    Collector --> Error
    Collector --> ExternalNode
    Collector --> PackageNode

Loading

Class diagram for refactored SBOM resolution helpers

classDiagram
    class ResolvedSbom {
        +sbom_id: Uuid
        +node_id: String
    }
    class AnalysisService {
        +load_graphs_inner(connection, sbom_ids, seen) Result<Vec<(String, Arc<PackageGraph>)>, Error>
    }
    class Error
    class sbom_external_node_Entity
    class sbom_node_checksum_Entity
    class sbom_Entity
    class source_document_Entity
    AnalysisService --> ResolvedSbom
    AnalysisService --> Error
    ResolvedSbom --> sbom_external_node_Entity
    ResolvedSbom --> sbom_node_checksum_Entity
    ResolvedSbom --> sbom_Entity
    ResolvedSbom --> source_document_Entity

Loading

Class diagram for Graph ingestion tweak (CreateOutcome)

classDiagram
    class Graph {
        +create_source_document(digests, connection, f) Result<CreateOutcome, Error>
    }
    class CreateOutcome {
        +Created(id: Uuid)
    }
    class Error
    Graph --> CreateOutcome
    Graph --> Error

Loading

File-Level Changes

Change	Details	Files
Tests now use a unified Req builder instead of raw HTTP URIs	Add Req and ReqExt in endpoints/tests/req.rs to encapsulate path/param construction Replace manual TestRequest calls in latest_filters.rs with app.req(Req{…}) Expose the new req module in endpoints/tests/mod.rs	modules/analysis/src/endpoints/tests/latest_filters.rs modules/analysis/src/endpoints/tests/req.rs modules/analysis/src/endpoints/tests/mod.rs
Collector.collect and related flows refactored to return Result and split into helper methods	Change collect signature from Option<Vec> to Result<Option<Vec>, Error> Extract collect_external and collect_package helper methods Replace early Option returns with Result propagation using ?	modules/analysis/src/service/collector.rs
Database resolution helpers now return Result<Option, Error> and use instrumentation	Update resolve_external_sbom and related functions to return Result<Option, Error> Use ? to propagate DB errors instead of swallowing them Add tracing instrumentation and debug logs for better observability	modules/analysis/src/service/mod.rs
AnalysisService and load_graphs_inner refactored to return Result and handle external SBOMs declaratively	Change endpoint methods in AnalysisService to return Result and propagate errors Rewrite load_graphs_inner to iterate distinct IDs, manage seen set, and load external SBOMs in a loop Switch collect pipelines to try_collect/try_filter_map to bubble up errors	modules/analysis/src/service/mod.rs modules/analysis/src/service/load.rs
Add deep JSON subset test in test-context	Introduce test_array_subset_deep to validate nested array subset matching	test-context/src/subset.rs
Minor tweaks: update graph ID generation and dependencies	Set explicit Uuid in ingestor/src/graph create path instead of default Add test-log dependency in Cargo.toml	modules/ingestor/src/graph/mod.rs Cargo.toml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.