Modifying release groups
This guide shows how to add projects a release group, as well as modifying projects within a release group.
Add projects to a release group
The API is POST https://app.fossa.com/api/project_group
. Here's an example payload:
{
"title": "Test-Name",
"release": {
"projects": [{
"projectId": "custom+1xxx9/python-test",
"branch": "master",
"revisionId": "custom+1xxx9/python-test$2023-03-01T14:56:57Z"
}, {
"projectId": "custom+1xxx9/github.com/fossas/fossa-vendored-dependencies-test",
"branch": "master",
"revisionId": "custom+1xxx9/github.com/fossas/fossa-vendored-dependencies-test$c75cfe87e51a34eeaf4fff393cc1bcc5b62b6697"
}, {
"projectId": "custom+1xxx9/[email protected]:fossas/post_sales_scripts.git",
"branch": "main",
"revisionId": "custom+1xxx9/[email protected]:fossas/post_sales_scripts.git$ce78dcbb04fb232e5a5956dac90545d95829340a"
}, {
"projectId": "custom+1xxx9/c-cpp-test",
"branch": "master",
"revisionId": "custom+1xxx9/c-cpp-test$2022-12-09T22:39:16Z"
}],
"title": "Test-Release"
},
"licensingPolicyId": 3xxx5,
"securityPolicyId": 7xxx3,
"teams": [1xx8, 2xx0]
}
This assumes the teams have access to the projects in the release group. If not, you would have to run this endpoint first: PUT https://app.fossa.com/api/teams/<team id>/projects
Here's an example payload of that:
{
"projects": [
"custom+1xxx9/python-test",
"custom+1xxx9/github.com/fossas/fossa-vendored-dependencies-test",
"custom+1xxx9/[email protected]:fossas/post_sales_scripts.git",
"custom+1xxx9/c-cpp-test"
],
"action": "add"
}
Fetching the latest revision of the projects
If you want to use the latest revision of the projects you want in the release group, please see this guide.
Things to note about release groups
Do note that specifying the policies and teams are optional though, so you'd have to adjust the first request payload above accordingly.
Update an existing release group
Here's the endpoint: PUT https://app.fossa.com/api/project_group/<project-group-id>/release/<release-group-id>
,
where <project-group-id>
is basically the ID of the release group and <release-group-id>
is the version of release group.
Here's the request payload to update an existing release group:
{
"title": "<specify-existing-version>",
"projects": [{
"projectId": "<project-locator>",
"branch": "<branch>",
"revisionId": "<project-locator>$<revision-id>"
"projectsToDelete": []
}
Example:
{
"title": "1.0",
"projects": [{
"projectId": "custom+1xxx9/dummycom/experience-everything/experience-something",
"branch": "main",
"revisionId": "custom+1xxx9/dummycom/experience-everything/experience-something$some-revision-id"
}],
"projectsToDelete": []
}
Compared to the UI (when this endpoint is used), FOSSA will PUT the existing projects, plus the new ones you added, like so:
{
"title": "1.0",
"projects": [{
"projectId": "custom+1xxx9/dummycom/experience-everything/experience-something",
"branch": "main",
"revisionId": "custom+1xxx9/dummycom/experience-everything/experience-something$some-revision-id",
"projectGroupReleaseId": <release-group-id>
}, {
"projectId": "custom+1xxx9/dummycom/experience-everything/experience-something",
"branch": "main",
"revisionId": "custom+1xxx9/dummycom/experience-everything/experience-something$some-revision-id"
}
}],
"projectsToDelete": []
}
Notice the first project has the projectGroupReleaseId
attribute in the payload.
Here's an example request call. Please note that this is a PUT request, not a POST request:
curl --location --request PUT 'https://app.fossa.com/api/project_group/123/release/1234 ' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <full-access-token>' \
--data '{
"title": "Some project title",
"projects": [
{
"projectId": "custom+<org-id>/test-project",
"branch": "v2023-summer-release",
"revisionId": "custom+1xxx9/test-proj$revision123"
}
],
"projectsToDelete": []
}'
You can get the latest revision by sorting the response by updatedAt
API: https://app.fossa.com/api/revisions?projectId=<url-encoded-project-locator>
Troubleshooting
What if I receive a 500 error code from running this POST endpoint?
It could mean that you have duped projects in the request payload.
Updated about 1 year ago