fix: Resolve CI failures for rating source tracking

fahedouch · claude · fahedouch · commit e5b23d39e00c · 2026-04-08T17:09:17.000+02:00
- Remove unused imports in RatingSourceTest (Checkstyle violations)
- Only audit source changes from non-null values to avoid noisy
  "Source: null → MANUAL" comments on initial analysis creation
- Migrate ProcessScheduledNotificationRuleActivityTest to builder
  pattern for MakeAnalysisCommand

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/apiserver/src/main/java/org/dependencytrack/persistence/AnalysisQueryManager.java b/apiserver/src/main/java/org/dependencytrack/persistence/AnalysisQueryManager.java
@@ -161,7 +161,9 @@ public long makeAnalysis(final MakeAnalysisCommand command) {
 
             if (command.source() != null && canUpdate) {
                 if (analysis.getSource() != command.source()) {
-                    auditTrailComments.add("Source: %s → %s".formatted(analysis.getSource(), command.source()));
+                    if (analysis.getSource() != null) {
+                        auditTrailComments.add("Source: %s → %s".formatted(analysis.getSource(), command.source()));
+                    }
                     analysis.setSource(command.source());
                 }
             }
diff --git a/apiserver/src/test/java/org/dependencytrack/model/RatingSourceTest.java b/apiserver/src/test/java/org/dependencytrack/model/RatingSourceTest.java
@@ -20,9 +20,7 @@
 
 import org.junit.jupiter.api.Test;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
-import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 /**
diff --git a/apiserver/src/test/java/org/dependencytrack/notification/ProcessScheduledNotificationRuleActivityTest.java b/apiserver/src/test/java/org/dependencytrack/notification/ProcessScheduledNotificationRuleActivityTest.java
@@ -99,9 +99,10 @@ void shouldDispatchNewVulnNotification() throws InvalidProtocolBufferException {
                 null, null, Date.from(afterRuleLastFiredAt));
         qm.addVulnerability(vulnB, parentProjectComponent, "internal",
                 null, null, Date.from(afterRuleLastFiredAt));
-        qm.makeAnalysis(new MakeAnalysisCommand(
-                parentProjectComponent, vulnB, AnalysisState.FALSE_POSITIVE,
-                null, null, null, true, null, null, Set.of()));
+        qm.makeAnalysis(new MakeAnalysisCommand(parentProjectComponent, vulnB)
+                .withState(AnalysisState.FALSE_POSITIVE)
+                .withSuppress(true)
+                .withOptions(Set.of()));
 
         // Child project affected by vulnA (BEFORE) and vulnB (AFTER).
         final var childProject = new Project();

Original file line number	Diff line number	Diff line change
`@@ -161,7 +161,9 @@ public long makeAnalysis(final MakeAnalysisCommand command) {`
`161`	`161`
`162`	`162`	`if (command.source() != null && canUpdate) {`
`163`	`163`	`if (analysis.getSource() != command.source()) {`
`164`		`- auditTrailComments.add("Source: %s → %s".formatted(analysis.getSource(), command.source()));`
	`164`	`+ if (analysis.getSource() != null) {`
	`165`	`+ auditTrailComments.add("Source: %s → %s".formatted(analysis.getSource(), command.source()));`
	`166`	`+ }`
`165`	`167`	`analysis.setSource(command.source());`
`166`	`168`	`}`
`167`	`169`	`}`