Add filter by package_name for dependencies
What does this MR do and why?
Add filter by package managers name for dependencies. In alignment with the existing dependency list services.
Changelog: changed EE: true
Related issue: #389606 (closed)
Query plan
Link to query plan: https://console.postgres.ai/gitlab/gitlab-production-tunnel-pg12/sessions/18092/commands/60102
SELECT sbom_occurrences.*
FROM sbom_occurrences
INNER JOIN sbom_sources ON sbom_occurrences.source_id = sbom_sources.id
WHERE sbom_sources.source - > 'package_manager' - >> 'name' IN (
'npm'
,'bundler'
)
AND sbom_occurrences.project_id = 24975510;
How to set up and validate locally
- Pick a project with existing dependencies. Otherwise create a project and run a pipeline with the following files:
gitlab-ci.yml
include:
- template: Security/Dependency-Scanning.gitlab-ci.yml-
Gemfile.lockwith the content of this file.
- Filter dependencies via the following graphql:
query {
project(fullPath:<PROJECT_FULL_PATH>){
dependencies(packageManagers: [BUNDLER, NPM], first: 5) {
nodes{
name
packager
}
}
}
}- Expected results:
{
"data": {
"project": {
"dependencies": {
"nodes": [
{
"name": "CFPropertyList",
"packager": "BUNDLER"
},
{
"name": "RedCloth",
"packager": "BUNDLER"
},
{
"name": "acme-client",
"packager": "BUNDLER"
},
{
"name": "actioncable",
"packager": "BUNDLER"
},
{
"name": "actionmailbox",
"packager": "BUNDLER"
}
]
}
}
}
}New Index
Migrate/Rollback
$ bundle exec rails db:migrate:down:main VERSION=20230508093910
main: == [advisory_lock_connection] object_id: 275220, pg_backend_pid: 14905
main: == 20230508093910 CreatePackageManagerNameIndex: reverting ====================
main: -- transaction_open?()
main: -> 0.0000s
main: -- view_exists?(:postgres_partitions)
main: -> 0.0837s
main: -- indexes(:sbom_sources)
main: -> 0.0026s
main: -- execute("SET statement_timeout TO 0")
main: -> 0.0002s
main: -- remove_index(:sbom_sources, {:algorithm=>:concurrently, :name=>"index_on_sbom_sources_package_manager_name"})
main: -> 0.0024s
main: -- execute("RESET statement_timeout")
main: -> 0.0002s
main: == 20230508093910 CreatePackageManagerNameIndex: reverted (0.1011s) ===========
main: == [advisory_lock_connection] object_id: 275220, pg_backend_pid: 14905
$ bundle exec rails db:migrate
main: == [advisory_lock_connection] object_id: 275440, pg_backend_pid: 15314
main: == 20230508093910 CreatePackageManagerNameIndex: migrating ====================
main: -- indexes(:sbom_sources)
main: -> 0.1130s
main: -- current_schema()
main: -> 0.0003s
main: -- execute("SET statement_timeout TO 0")
main: -> 0.0002s
main: -- execute("CREATE INDEX CONCURRENTLY index_on_sbom_sources_package_manager_name\nON sbom_sources\nUSING BTREE ((source->'package_manager'->>'name'))\n")
main: -> 0.0021s
main: -- execute("RESET statement_timeout")
main: -> 0.0004s
main: == 20230508093910 CreatePackageManagerNameIndex: migrated (0.1229s) ===========
main: == [advisory_lock_connection] object_id: 275440, pg_backend_pid: 15314
ci: == [advisory_lock_connection] object_id: 275620, pg_backend_pid: 15316
ci: == [advisory_lock_connection] object_id: 275620, pg_backend_pid: 15316MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Zamir Martins