Add DECOM workflow type, auto-note/hide on decom, show CVEs on CARD queue items, auto-run migrations in pipeline

- Add DECOM to queue workflow types (red badge, inventory-style display) - When findings are added as DECOM, auto-set note to 'DECOM' and hide row - Hidden rows are excluded from donut charts (removes from pending count) - Show CVEs on CARD/GRANITE/DECOM queue items (was previously omitted) - Add backend/migrations/run-all.js for CI/CD auto-migration execution - Pipeline now runs migrations before service restart on both staging and prod - Add add_decom_workflow_type.js migration (updates CHECK constraint)
2026-05-08 14:51:05 -06:00
parent 3cf0d6be3d
commit cda1eaadc9
6 changed files with 287 additions and 30 deletions
--- a/backend/migrations/add_decom_workflow_type.js
+++ b/backend/migrations/add_decom_workflow_type.js
@@ -0,0 +1,33 @@
+// Migration: Add DECOM to workflow_type CHECK constraint on ivanti_todo_queue
+// Run from backend/: node migrations/add_decom_workflow_type.js
+
+const pool = require('../db');
+
+async function migrate() {
+    console.log('Starting add_decom_workflow_type migration...');
+
+    try {
+        // Drop the existing constraint and add the updated one
+        await pool.query(`
+            ALTER TABLE ivanti_todo_queue
+            DROP CONSTRAINT IF EXISTS ivanti_todo_queue_workflow_type_check
+        `);
+        console.log('✓ Dropped old workflow_type constraint');
+
+        await pool.query(`
+            ALTER TABLE ivanti_todo_queue
+            ADD CONSTRAINT ivanti_todo_queue_workflow_type_check
+            CHECK (workflow_type IN ('FP', 'Archer', 'CARD', 'GRANITE', 'DECOM'))
+        `);
+        console.log('✓ Added updated workflow_type constraint (includes DECOM)');
+
+        console.log('Migration complete!');
+    } catch (err) {
+        console.error('Migration failed:', err.message);
+        process.exit(1);
+    } finally {
+        await pool.end();
+    }
+}
+
+migrate();
--- a/backend/migrations/run-all.js
+++ b/backend/migrations/run-all.js
@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+// Run all Postgres-compatible migrations in order.
+// Each migration is idempotent (safe to re-run).
+// Used by CI/CD pipeline during deploy to ensure schema is up to date.
+//
+// Usage: cd backend && node migrations/run-all.js
+
+const { execSync } = require('child_process');
+const path = require('path');
+const fs = require('fs');
+
+const MIGRATIONS_DIR = __dirname;
+
+// Only run migrations that use the Postgres pool (not legacy SQLite ones).
+// Add new migrations to this list as they're created.
+const POSTGRES_MIGRATIONS = [
+    'add_decom_workflow_type.js',
+];
+
+async function runAll() {
+    console.log(`[Migrations] Running ${POSTGRES_MIGRATIONS.length} Postgres migration(s)...`);
+    let succeeded = 0;
+    let failed = 0;
+
+    for (const file of POSTGRES_MIGRATIONS) {
+        const fullPath = path.join(MIGRATIONS_DIR, file);
+        if (!fs.existsSync(fullPath)) {
+            console.error(`  [FAIL] ${file}: file not found`);
+            failed++;
+            continue;
+        }
+
+        try {
+            console.log(`  [run]  ${file}`);
+            execSync(`node ${fullPath}`, {
+                cwd: path.join(MIGRATIONS_DIR, '..'),
+                stdio: 'inherit',
+                timeout: 30000,
+            });
+            succeeded++;
+        } catch (err) {
+            console.error(`  [FAIL] ${file}: exit code ${err.status}`);
+            failed++;
+        }
+    }
+
+    console.log(`[Migrations] Done: ${succeeded} applied, ${failed} failed`);
+    if (failed > 0) process.exit(1);
+}
+
+runAll();