Update software license policies with non-spdx software_license_spdx_identifiers

What does this MR do and why?

It seems that before the changes of MR !181454 (merged). Some of the software_license_policies records were filled with spdx_identifiers that are not part of the SPDX catalog. This MR adds a background migration to fix these records. We have around 5k records to be fixed.

Database queries

Insert custom_software_license

INSERT INTO "custom_software_licenses" ("name", "project_id")
    VALUES ('non_spdx_software_license_spdx_identifier', 7)
ON CONFLICT ("project_id", "name")
    DO NOTHING
RETURNING
    "id"

https://postgres.ai/console/gitlab/gitlab-production-main/sessions/41917/commands/128560

Search custom_software_license

SELECT
    "custom_software_licenses".*
FROM
    "custom_software_licenses"
WHERE
    "custom_software_licenses"."name" = 'non_spdx_software_license_spdx_identifier'
    AND "custom_software_licenses"."project_id" = 7
LIMIT 1

https://postgres.ai/console/gitlab/gitlab-production-main/sessions/41917/commands/128561

Update custom_software_license_id and software_license_spdx_identifier

UPDATE
    "software_license_policies"
SET
    "updated_at" = '2025-07-29 18:46:19.963726',
    "custom_software_license_id" = 1000002,
    "software_license_spdx_identifier" = NULL
WHERE
    "software_license_policies"."id" = 45311501

https://postgres.ai/console/gitlab/gitlab-production-main/sessions/41952/commands/128696

References

Related to this error(internal-only). More context on this thread(internal-only).

How to set up and validate locally

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.