Remove software_licenses table
As discussed in this thread, after moving the custom_licenses to the custom_software_licenses table, the software_licenses will only be used for the SPDX licenses.
The SPDX licenses are updated by the ImportSoftwareLicensesWorker. This worker runs weekly, and we have a 7 day cache for the SPDX licenses. We are basically reading the SPDX licenses from our cache. In the scope of this issue, we want to capture the effort required to remove the software license table.
Implementation plan
- Add integration tests for the features using the software license to ensure they will still work after the table is removed.
- Keep static files as JSON in the repo cache when we query it.
- In software_license_policies store either spdx_identifier or custom_software_license_id instead of software_license_id and delete the software_licenses table.
- Modify all places where we read information from software_licenses table (like https://gitlab.com/gitlab-org/gitlab/-/blob/df861bd970872e18937a28f30c2cd0a75f493f52/ee/lib/gitlab/ci/reports/license_scanning/report.rb#L45 or https://gitlab.com/gitlab-org/gitlab/-/blob/cdaf4e2b3adcbb3da9bbfa8483b7dbe0492e6192/ee/lib/security/scan_result_policies/license_violation_checker.rb#L65).
Edited by Marcos Rocha