Add sbom_occurrences table and model (!90814) · Merge requests · GitLab.org / GitLab

Brian Williams requested to merge bwill/add-sbom-occurrences into master Jun 22, 2022

What does this MR do and why?

This is part of a three-phase implementation for adding new models to support the tracking of Software Bill of Materials (SBoM) components in GitLab. SBoM is used to create an inventory of the software components which make up an application. We will have dependency scanning / container scanning CI jobs produce CycloneDX SBoM reports as job artifacts. These job artifacts will be consumed by Rails (#360766 (closed)), parsed (#366194 (closed)), and then stored inside these tables (#364709 (closed)).

Issue: #364576 (closed)
Epic with more background on the feature: &7886
Epic for SBoM ingestion: &8024 (closed)

We're using the following initial schema which was determined from a research spike

Step 1: !90809 (merged)
Step 2: !90812 (merged)
Step 3: !90814 (merged) (this MR)

Migrations

$ scripts/db_tasks db:migrate:down VERSION=20220616183310
main: == 20220616183310 AddProjectForeignKeyToSbomOccurrences: reverting ============
main: -- transaction_open?()
main:    -> 0.0000s
main: -- remove_foreign_key(:sbom_occurrences, {:column=>:project_id})
main:    -> 0.0196s
main: == 20220616183310 AddProjectForeignKeyToSbomOccurrences: reverted (0.0335s) ===
$ scripts/db_tasks db:migrate:down VERSION=20220616183309
main: == 20220616183309 AddSbomSourceForeignKeyToSbomOccurrences: reverting =========
main: -- transaction_open?()
main:    -> 0.0000s
main: -- remove_foreign_key(:sbom_occurrences, {:column=>:source_id})
main:    -> 0.0077s
main: == 20220616183309 AddSbomSourceForeignKeyToSbomOccurrences: reverted (0.0197s) 
$ scripts/db_tasks db:migrate:down VERSION=20220616183240
main: == 20220616183240 AddSbomComponentVersionsForeignKeyToSbomOccurrences: reverting 
main: -- transaction_open?()
main:    -> 0.0000s
main: -- remove_foreign_key(:sbom_occurrences, {:column=>:component_version_id})
main:    -> 0.0090s
main: == 20220616183240 AddSbomComponentVersionsForeignKeyToSbomOccurrences: reverted (0.0225s) 
$ scripts/db_tasks db:migrate:down VERSION=20220616182038
main: == 20220616182038 CreateSbomOccurrences: reverting ============================
main: -- drop_table(:sbom_occurrences, {})
main:    -> 0.0040s
main: == 20220616182038 CreateSbomOccurrences: reverted (0.0085s) ===================
$ scripts/db_tasks db:migrate
main: == 20220616182038 CreateSbomOccurrences: migrating ============================
main: -- create_table(:sbom_occurrences, {})
main: -- quote_column_name(:ref)
main:    -> 0.0000s
main:    -> 0.0125s
main: == 20220616182038 CreateSbomOccurrences: migrated (0.0134s) ===================
main: == 20220616183240 AddSbomComponentVersionsForeignKeyToSbomOccurrences: migrating 
main: -- transaction_open?()
main:    -> 0.0000s
main: -- foreign_keys(:sbom_occurrences)
main:    -> 0.0050s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- execute("ALTER TABLE sbom_occurrences\nADD CONSTRAINT fk_4b88e5b255\nFOREIGN KEY (component_version_id)\nREFERENCES sbom_component_versions (id)\nON DELETE CASCADE\nNOT VALID;\n")
main:    -> 0.0013s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0004s
main: -- execute("ALTER TABLE sbom_occurrences VALIDATE CONSTRAINT fk_4b88e5b255;")
main:    -> 0.0013s
main: -- execute("RESET statement_timeout")
main:    -> 0.0004s
main: == 20220616183240 AddSbomComponentVersionsForeignKeyToSbomOccurrences: migrated (0.0154s) 
main: == 20220616183309 AddSbomSourceForeignKeyToSbomOccurrences: migrating =========
main: -- transaction_open?()
main:    -> 0.0000s
main: -- foreign_keys(:sbom_occurrences)
main:    -> 0.0042s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- execute("ALTER TABLE sbom_occurrences\nADD CONSTRAINT fk_c2a5562923\nFOREIGN KEY (source_id)\nREFERENCES sbom_sources (id)\nON DELETE SET NULL\nNOT VALID;\n")
main:    -> 0.0010s
main: -- execute("ALTER TABLE sbom_occurrences VALIDATE CONSTRAINT fk_c2a5562923;")
main:    -> 0.0009s
main: == 20220616183309 AddSbomSourceForeignKeyToSbomOccurrences: migrated (0.0092s) 
main: == 20220616183310 AddProjectForeignKeyToSbomOccurrences: migrating ============
main: -- transaction_open?()
main:    -> 0.0000s
main: -- foreign_keys(:sbom_occurrences)
main:    -> 0.0040s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- execute("ALTER TABLE sbom_occurrences\nADD CONSTRAINT fk_157506c0e2\nFOREIGN KEY (project_id)\nREFERENCES projects (id)\nON DELETE CASCADE\nNOT VALID;\n")
main:    -> 0.0020s
main: -- execute("ALTER TABLE sbom_occurrences VALIDATE CONSTRAINT fk_157506c0e2;")
main:    -> 0.0034s
main: == 20220616183310 AddProjectForeignKeyToSbomOccurrences: migrated (0.0126s) ===

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Jul 08, 2022 by Mayra Cabrera

Add sbom_occurrences table and model

What does this MR do and why?

Migrations

MR acceptance checklist

Merge request reports