Package Metadata DB with v prefix

Aditya Tiwari requested to merge 436047-fixes-go-package into master

What does this MR do and why?

Fixes the issue where the Package Metadata DB (External License DB) exports Golang package versions without the v prefix.

Updates the license version range checker to support the v prefix.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before:


pry(main)> package=PackageMetadata::Package.where(purl_type: :golang, name: 'github.com/twmb/murmur3').first
  PackageMetadata::Package Load (0.3ms)  SELECT "pm_packages".* FROM "pm_packages" WHERE "pm_packages"."purl_type" = 4 AND "pm_packages"."name" = 'github.com/twmb/murmur3' ORDER BY "pm_packages"."id" ASC LIMIT 1 /*application:console,db_config_name:main,console_hostname:aditya-works-MacBook-Pro.local,console_username:work,line:(pry):1:in `__pry__'*/
=> #<PackageMetadata::Package:0x000000016c4afea8
 id: 545637,
 purl_type: "golang",
 name: "github.com/twmb/murmur3",
 created_at: Thu, 25 May 2023 05:49:32.247334000 UTC +00:00,
 updated_at: Thu, 21 Dec 2023 07:38:03.535580000 UTC +00:00,
 licenses: [[11], "0.0.0-20180318204424-7f484cea044b", "1.1.7-0.20220427190113-753d98dbde7d", []]>
[2] pry(main)> package.license_ids_for(version:'v1.1.5')
=> []
[3] pry(main)> package.license_ids_for(version:'1.1.5')
=> [11]


After:

pry(main)> package=PackageMetadata::Package.where(purl_type: :golang, name: 'github.com/twmb/murmur3').first
  PackageMetadata::Package Load (0.3ms)  SELECT "pm_packages".* FROM "pm_packages" WHERE "pm_packages"."purl_type" = 4 AND "pm_packages"."name" = 'github.com/twmb/murmur3' ORDER BY "pm_packages"."id" ASC LIMIT 1 /*application:console,db_config_name:main,console_hostname:aditya-works-MacBook-Pro.local,console_username:work,line:(pry):1:in `__pry__'*/
=> #<PackageMetadata::Package:0x000000016c4afea8
 id: 545637,
 purl_type: "golang",
 name: "github.com/twmb/murmur3",
 created_at: Thu, 25 May 2023 05:49:32.247334000 UTC +00:00,
 updated_at: Thu, 21 Dec 2023 07:38:03.535580000 UTC +00:00,
 licenses: [[11], "0.0.0-20180318204424-7f484cea044b", "1.1.7-0.20220427190113-753d98dbde7d", []]>
[2] pry(main)> package.license_ids_for(version:'v1.1.5')
=> [11]
[3] pry(main)> package.license_ids_for(version:'1.1.5')
=> [11]


How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Run the code above in rails console

OR

  1. Use demo project https://gitlab.com/gitlab-org/secure/tests/go-versions-license-matching
  2. Run pipeline.
  3. View licenses tab.

Related to #436047 (closed)

Edited by Aditya Tiwari
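
The "After" behaviour from the console sessions above, as an added Ruby example that is not GitLab's implementation or code from this merge request: a version range check that accepts Go versions with or without the v prefix, so a scanner-reported `v1.1.5` no longer yields an empty license result. The helper names and the reading of the record as `[license_ids, lowest_version, highest_version, ...]` are assumptions taken from the output shown on this page.

```ruby
# Added example: hypothetical helpers, not GitLab's implementation.
SEMVER = /\Av?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?\z/

# Parse a Go module version with or without the leading "v".
# Returns [[major, minor, patch], prerelease_identifiers], or nil if malformed.
def parse_go_version(str)
  m = SEMVER.match(str.to_s.strip)
  return nil unless m
  [m[1..3].map(&:to_i), m[4] ? m[4].split('.') : []]
end

# Compare two pre-release identifiers by SemVer 2.0.0 rules.
def compare_identifier(x, y)
  nx = x.match?(/\A\d+\z/)
  ny = y.match?(/\A\d+\z/)
  return x.to_i <=> y.to_i if nx && ny
  return -1 if nx # numeric identifiers sort before alphanumeric ones
  return 1 if ny
  x <=> y
end

# SemVer precedence of two parsed versions: -1, 0 or 1.
def compare_versions(a, b)
  core = a[0] <=> b[0]
  return core unless core.zero?
  pa, pb = a[1], b[1]
  return 0 if pa.empty? && pb.empty?
  return 1 if pa.empty? # a release outranks its own pre-releases
  return -1 if pb.empty?
  pa.zip(pb).each do |x, y|
    return 1 if y.nil? # equal so far, but a has more identifiers
    c = compare_identifier(x, y)
    return c unless c.zero?
  end
  pa.length <=> pb.length
end

# Assumed record layout, read off the console output on this page:
# [license_ids, lowest_version, highest_version, <fourth element, ignored>].
def license_ids_in_range(record, version)
  ids, lowest, highest = record
  v, lo, hi = [version, lowest, highest].map { |s| parse_go_version(s) }
  return [] if [v, lo, hi].any?(&:nil?)
  compare_versions(v, lo) >= 0 && compare_versions(v, hi) <= 0 ? ids : []
end

# Record copied from the console session on this page.
RECORD = [[11], '0.0.0-20180318204424-7f484cea044b',
          '1.1.7-0.20220427190113-753d98dbde7d', []].freeze
```

In this sketch a malformed version string returns an empty list, the same result as a version outside the range.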
