Modifying release groups

This guide shows how to add projects to a release group, as well as how to modify projects within a release group.

Add projects to a release group

The API is POST https://app.fossa.com/api/project_group. Here's an example payload:

{
	"title": "Test-Name",
	"release": {
		"projects": [{
			"projectId": "custom+1xxx9/python-test",
			"branch": "master",
			"revisionId": "custom+1xxx9/python-test$2023-03-01T14:56:57Z"
		}, {
			"projectId": "custom+1xxx9/github.com/fossas/fossa-vendored-dependencies-test",
			"branch": "master",
			"revisionId": "custom+1xxx9/github.com/fossas/fossa-vendored-dependencies-test$c75cfe87e51a34eeaf4fff393cc1bcc5b62b6697"
		}, {
			"projectId": "custom+1xxx9/[email protected]:fossas/post_sales_scripts.git",
			"branch": "main",
			"revisionId": "custom+1xxx9/[email protected]:fossas/post_sales_scripts.git$ce78dcbb04fb232e5a5956dac90545d95829340a"
		}, {
			"projectId": "custom+1xxx9/c-cpp-test",
			"branch": "master",
			"revisionId": "custom+1xxx9/c-cpp-test$2022-12-09T22:39:16Z"
		}],
		"title": "Test-Release"
	},
	"licensingPolicyId": 3xxx5,
	"securityPolicyId": 7xxx3,
	"teams": [1xx8, 2xx0]
}

This assumes the teams have access to the projects in the release group. If they do not, call this endpoint first: PUT https://app.fossa.com/api/teams/<team id>/projects
Here's an example payload for it:

{
	"projects": [
		"custom+1xxx9/python-test",
		"custom+1xxx9/github.com/fossas/fossa-vendored-dependencies-test",
		"custom+1xxx9/[email protected]:fossas/post_sales_scripts.git",
		"custom+1xxx9/c-cpp-test"
	],
	"action": "add"
}

Fetching the latest revision of the projects

If you want to use the latest revision of the projects you want in the release group, please see this guide.

Things to note about release groups

Note that specifying the policies and teams is optional, so adjust the first request payload above accordingly.

Update an existing release group

Here's the endpoint: PUT https://app.fossa.com/api/project_group/<project-group-id>/release/<release-group-id>
where <project-group-id> is the ID of the release group and <release-group-id> is the version of the release group.

Here's the request payload to update an existing release group:

{
	"title": "<specify-existing-version>",
	"projects": [{
		"projectId": "<project-locator>",
		"branch": "<branch>",
		"revisionId": "<project-locator>$<revision-id>"
	}],
	"projectsToDelete": []
}

Example:

{
	"title": "1.0",
	"projects": [{
		"projectId": "custom+1xxx9/dummycom/experience-everything/experience-something",
		"branch": "main",
		"revisionId": "custom+1xxx9/dummycom/experience-everything/experience-something$some-revision-id"
	}],
	"projectsToDelete": []
}

By comparison, when the UI uses this endpoint, FOSSA will PUT the existing projects plus the new ones you added, like so:

{
	"title": "1.0",
	"projects": [{
		"projectId": "custom+1xxx9/dummycom/experience-everything/experience-something",
		"branch": "main",
		"revisionId": "custom+1xxx9/dummycom/experience-everything/experience-something$some-revision-id",
		"projectGroupReleaseId": <release-group-id>
	}, {
		"projectId": "custom+1xxx9/dummycom/experience-everything/experience-something",
		"branch": "main",
		"revisionId": "custom+1xxx9/dummycom/experience-everything/experience-something$some-revision-id"
	}],
	"projectsToDelete": []
}

Notice the first project has the projectGroupReleaseId attribute in the payload.

Here's an example request call. Please note that this is a PUT request, not a POST request:

curl --location --request PUT 'https://app.fossa.com/api/project_group/123/release/1234' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <full-access-token>' \
--data '{
    "title": "Some project title",
    "projects": [
        {
            "projectId": "custom+<org-id>/test-project",
            "branch": "v2023-summer-release",
            "revisionId": "custom+1xxx9/test-proj$revision123"
        }
    ],
    "projectsToDelete": []
}'

You can get the latest revision of a project by sorting the response of the following API by updatedAt.
API: https://app.fossa.com/api/revisions?projectId=<url-encoded-project-locator>

Troubleshooting

What if I receive a 500 error code from running this POST endpoint?

It could mean that you have duplicate projects in the request payload.
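
The following is an added example, not FOSSA's own code: it builds the POST payload for a new release group, picks the latest revision by updatedAt, leaves out the optional policies and teams when they are not given, and rejects duplicate projects locally before the request is sent. The function names are hypothetical, and the shape of the revisions response (a list of objects with "locator" and "updatedAt") is an assumption.

```python
import json
import urllib.parse
import urllib.request
from datetime import datetime

API = "https://app.fossa.com/api"

def revisions_url(project_locator):
    # Locators contain "+", "/", "@" and ":", so encode every reserved character.
    return f"{API}/revisions?projectId={urllib.parse.quote(project_locator, safe='')}"

def latest_revision(revisions):
    # Assumed response shape: a list of objects with "locator" and ISO-8601 "updatedAt".
    def ts(rev):
        return datetime.fromisoformat(rev["updatedAt"].replace("Z", "+00:00"))
    return max(revisions, key=ts)["locator"]

def build_create_payload(title, release_title, projects, licensing_policy_id=None,
                         security_policy_id=None, teams=None):
    seen = set()
    for p in projects:
        # Duplicate projects are the cause the guide gives for a 500; fail locally instead.
        if p["projectId"] in seen:
            raise ValueError(f"duplicate project: {p['projectId']}")
        seen.add(p["projectId"])
        # revisionId follows <project-locator>$<revision-id> in the guide's payloads.
        if not p["revisionId"].startswith(p["projectId"] + "$"):
            raise ValueError(f"revision is not from {p['projectId']}")
    payload = {"title": title, "release": {"projects": list(projects), "title": release_title}}
    # Policies and teams are optional: include only the ones supplied.
    optional = {"licensingPolicyId": licensing_policy_id,
                "securityPolicyId": security_policy_id, "teams": teams}
    payload.update({k: v for k, v in optional.items() if v is not None})
    return payload

def build_post_request(payload, token):
    # Returns the request without sending it; pass it to urllib.request.urlopen to call the API.
    return urllib.request.Request(
        f"{API}/project_group", data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"})

# Constructed sample data, not real FOSSA output.
SAMPLE_REVISIONS = [
    {"locator": "custom+1/demo$2022-12-09T22:39:16Z", "updatedAt": "2022-12-09T22:40:00Z"},
    {"locator": "custom+1/demo$2023-03-01T14:56:57Z", "updatedAt": "2023-03-01T15:00:00Z"},
]
```

Because the request carries a full-access token, read it from an environment variable or secret store at run time rather than writing it into the script.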