Add source_package_name to sbom_components (!135108) · Merge requests · GitLab.org / GitLab

Tetiana Chupryna requested to merge 427095-add-db-column-for-sbom-component into master Oct 25, 2023

What does this MR do and why?

For Container Scanning: CVS Trigger scans on Trivy ... (&9532 - closed) we need to store source_package_name in sbom_components table. This MR implements it.

Migrations

Up

main: == [advisory_lock_connection] object_id: 179940, pg_backend_pid: 55383
main: == 20231024133234 AddSourcePackageNameToSbomComponent: migrating ==============
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- add_column(:sbom_components, :source_package_name, :text)
main:    -> 0.0013s
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- execute("ALTER TABLE sbom_components\nADD CONSTRAINT check_e2dcb53709\nCHECK ( char_length(source_package_name) <= 255 )\nNOT VALID;\n")
main:    -> 0.0008s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0002s
main: -- execute("ALTER TABLE sbom_components VALIDATE CONSTRAINT check_e2dcb53709;")
main:    -> 0.0009s
main: -- execute("RESET statement_timeout")
main:    -> 0.0003s
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- view_exists?(:postgres_partitions)
main:    -> 0.0006s
main: -- index_exists?(:sbom_components, [:component_type, :source_package_name, :purl_type], {:name=>"index_source_package_names_on_component_and_purl", :unique=>true, :algorithm=>:concurrently})
main:    -> 0.0027s
main: -- add_index(:sbom_components, [:component_type, :source_package_name, :purl_type], {:name=>"index_source_package_names_on_component_and_purl", :unique=>true, :algorithm=>:concurrently})
main:    -> 0.0032s
main: == 20231024133234 AddSourcePackageNameToSbomComponent: migrated (0.1745s) =====

main: == [advisory_lock_connection] object_id: 179940, pg_backend_pid: 55383

Down

main: == [advisory_lock_connection] object_id: 179380, pg_backend_pid: 64948
main: == 20231024133234 AddSourcePackageNameToSbomComponent: reverting ==============
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- remove_column(:sbom_components, :source_package_name)
main:    -> 0.0007s
main: -- transaction_open?(nil)
main:    -> 0.0000s
main: -- view_exists?(:postgres_partitions)
main:    -> 0.0948s
main: -- indexes(:sbom_components)
main:    -> 0.0022s
main: -- current_schema(nil)
main:    -> 0.0001s
main: == 20231024133234 AddSourcePackageNameToSbomComponent: reverted (0.1199s) =====

main: == [advisory_lock_connection] object_id: 179380, pg_backend_pid: 64948

Database lab

exec CREATE UNIQUE INDEX CONCURRENTLY index_source_package_names_on_component_and_purl ON sbom_components USING btree (component_type, source_package_name, purl_type);

The query has been executed. Duration: 5.308 s

Screenshots or screen recordings

No changes in UI

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #427095 (closed)

Edited Oct 27, 2023 by Tetiana Chupryna

Add source_package_name to sbom_components