
Add filter by component names for

Zamir Martins requested to merge add_filter_by_component_name into master

What does this MR do and why?

Describe in detail what your merge request does and why.

Add filter by component names for dependencies.

EE: true
Changelog: changed

Related issue: #409368 (closed)

Query plan

Link to the single filter query plan

Link to the multiple filter query plan

SELECT 
  "sbom_occurrences".* 
FROM 
  "sbom_occurrences" 
  INNER JOIN "sbom_components" ON "sbom_components"."id" = "sbom_occurrences"."component_id" 
WHERE 
  "sbom_occurrences"."project_id" = 278964 
  AND "sbom_components"."name" IN ('git', 'rack') 
ORDER BY 
  "sbom_occurrences"."id" ASC 
LIMIT 
  100 OFFSET 0

New index

CREATE INDEX index_sbom_occurrences_on_project_id_component_id ON sbom_occurrences USING btree (project_id, component_id);
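As an added example that is not part of this MR or of GitLab's own code, the query and index above modelled in Python against an in-memory SQLite database with constructed sample rows. It shows the two properties a reviewer would want to confirm for this filter: the componentNames values (attacker-controlled GraphQL input) are bound parameters, with only the placeholder count derived from the list, and EXPLAIN QUERY PLAN picks up the new (project_id, component_id) index. Table names, column names and the index name are the MR's; the sample rows, the function names and the use of SQLite instead of PostgreSQL are assumptions made for the demo.

```python
"""Model of the MR's component-name filter on an in-memory SQLite copy of the
two tables. Sample data is constructed for the demo; this is not GitLab code."""
import sqlite3

INDEX_NAME = "index_sbom_occurrences_on_project_id_component_id"

# Constructed sample rows (assumption for the demo, not taken from any instance).
COMPONENTS = [(1, "git"), (2, "rack"), (3, "actioncable"), (4, "RedCloth")]
OCCURRENCES = [  # (id, project_id, component_id)
    (10, 278964, 1),
    (11, 278964, 2),
    (12, 278964, 3),
    (13, 278964, 2),
    (14, 1, 1),  # a different project: must never appear in results
]


def build_db():
    """Create the two tables plus the MR's composite index and load sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(f"""
        CREATE TABLE sbom_components (
            id   INTEGER PRIMARY KEY,
            name TEXT NOT NULL
        );
        CREATE TABLE sbom_occurrences (
            id           INTEGER PRIMARY KEY,
            project_id   INTEGER NOT NULL,
            component_id INTEGER NOT NULL REFERENCES sbom_components(id)
        );
        CREATE INDEX {INDEX_NAME}
            ON sbom_occurrences (project_id, component_id);
    """)
    conn.executemany("INSERT INTO sbom_components VALUES (?, ?)", COMPONENTS)
    conn.executemany("INSERT INTO sbom_occurrences VALUES (?, ?, ?)", OCCURRENCES)
    return conn


def _filter_sql(name_count):
    """The MR's query with a placeholder per name; no user data enters the SQL text."""
    placeholders = ", ".join("?" * name_count)
    return f"""
        SELECT sbom_occurrences.id
        FROM sbom_occurrences
        INNER JOIN sbom_components
            ON sbom_components.id = sbom_occurrences.component_id
        WHERE sbom_occurrences.project_id = ?
          AND sbom_components.name IN ({placeholders})
        ORDER BY sbom_occurrences.id ASC
        LIMIT ? OFFSET ?
    """


def occurrences_by_component_names(conn, project_id, names, limit=100, offset=0):
    """Occurrence ids for one project whose component name is in `names`.

    `names` is what the GraphQL componentNames argument carries, so it is
    caller-controlled. The values are bound, which is also what ActiveRecord's
    where(name: names) does; an empty list short-circuits instead of building IN ().
    """
    names = list(names)
    if not names:
        return []
    params = [project_id, *names, limit, offset]
    return [row[0] for row in conn.execute(_filter_sql(len(names)), params)]


def plan_uses_composite_index(conn, project_id, names):
    """True if EXPLAIN QUERY PLAN mentions the (project_id, component_id) index."""
    names = list(names)
    sql = "EXPLAIN QUERY PLAN " + _filter_sql(len(names))
    rows = conn.execute(sql, [project_id, *names, 100, 0]).fetchall()
    # Each plan row is (id, parent, notused, detail); the detail names the index.
    return any(INDEX_NAME in row[-1] for row in rows)


if __name__ == "__main__":
    db = build_db()
    print(occurrences_by_component_names(db, 278964, ["git", "rack"]))    # [10, 11, 13]
    print(plan_uses_composite_index(db, 278964, ["git", "rack"]))         # True
    # An injection attempt is just a component name that matches nothing.
    print(occurrences_by_component_names(db, 278964, ["x') OR 1=1 --"]))  # []
```

SQLite's planner is not PostgreSQL's, so the linked query plans remain the authoritative check for production; what carries over is the shape of the finder: the name list only ever changes the number of placeholders, and the project_id predicate plus the composite index keep the scan bounded to one project's rows.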

migrate/rollback

$ bundle exec rails db:migrate:down:main VERSION=20230511132140
main: == [advisory_lock_connection] object_id: 275320, pg_backend_pid: 52990
main: == 20230511132140 CreateComponentIdIndex: reverting ===========================
main: -- transaction_open?()
main:    -> 0.0000s
main: -- view_exists?(:postgres_partitions)
main:    -> 0.0817s
main: -- indexes(:sbom_sources)
main:    -> 0.0027s
main: -- current_schema()
main:    -> 0.0002s
main: == 20230511132140 CreateComponentIdIndex: reverted (0.0924s) ==================

main: == [advisory_lock_connection] object_id: 275320, pg_backend_pid: 52990
$ bundle exec rails db:migrate VERSION=20230511132140
main: == [advisory_lock_connection] object_id: 275560, pg_backend_pid: 53395
main: == 20230511132140 CreateComponentIdIndex: migrating ===========================
main: -- indexes(:sbom_occurrences)
main:    -> 0.0895s
main: == 20230511132140 CreateComponentIdIndex: migrated (0.0929s) ==================

main: == [advisory_lock_connection] object_id: 275560, pg_backend_pid: 53395
ci: == [advisory_lock_connection] object_id: 275740, pg_backend_pid: 53397
ci: == [advisory_lock_connection] object_id: 275740, pg_backend_pid: 53397

How to set up and validate locally

  1. Create a project with the following content:
  • .gitlab-ci.yml:
include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  2. Through the GraphQL explorer (http://<YOUR_LOCAL_HOST>/-/graphql-explorer) use the following GraphQL query:
query {
  project(fullPath: <PROJECT_FULL_PATH>){
    dependencies(componentNames:["actioncable", "RedCloth"]){
      nodes{
        name
        location {
          blobPath
          path
        }
      }
    }
  }
}

Expected Response:

{
  "data": {
    "project": {
      "dependencies": {
        "nodes": [
          {
            "name": "RedCloth",
            "location": {
              "blobPath": "/top-level-group/subgroup-test/bottom-project-test/-/blob/0125c367eaf1bcb52ebbfbe09ecf2d1bdb5ceb3b/Gemfile.lock",
              "path": "Gemfile.lock"
            }
          },
          {
            "name": "actioncable",
            "location": {
              "blobPath": "/top-level-group/subgroup-test/bottom-project-test/-/blob/0125c367eaf1bcb52ebbfbe09ecf2d1bdb5ceb3b/Gemfile.lock",
              "path": "Gemfile.lock"
            }
          }
        ]
      }
    }
  }
}

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Zamir Martins
