Ensure all new records in software_license_policies have a custom_software_license_id or spdx_identifier

Why are we doing this work

We are working towards removing the software_licenses table as part of our database refactoring efforts. Before we can remove the software_license_id column from the software_license_policies table, we need to ensure that all records have either a custom_software_license_id or spdx_identifier set. This work is a critical step in our database migration path to eliminate dependencies on the deprecated software_licenses table.

In MR !180958 (merged), we updated our code to find/create and link custom_software_licenses to software_license_policies when the software_license is persisted in the database without the spdx_identifier.

In MR !179744 (merged) we persisted the software_license_spdx_identifier using the information from the ::Gitlab::SPDX::Catalogue when the static_licenses is disabled to prepare our database for the software_licenses table removal.

Relevant links

• MR: Update code to find/create and link custom_software_licenses
• MR: Persist software_license_spdx_identifier using SPDX Catalogue
• SPDX Catalogue documentation

Verification steps

1. Check-out the corresponding branch
2. Create a new software license policy and verify that it requires either custom_software_license_id or spdx_identifier
3. Attempt to create a policy without either field and verify that it fails validation
4. Run the migration script and verify that all existing records now have either custom_software_license_id or spdx_identifier set
5. Verify that all tests pass, including the new validation tests
6. Verify that the database constraint is properly enforced