Add cargo purl_type to package_metadata sync
What does this MR do and why?
This change allows a GitLab instance to pull in cargo
package metadata for use in identifying licenses for projects with cargo
dependencies.
This MR is the first of 2:
- Add `cargo` as valid type to sbom functionality and package_metadata sync 👈 this MR.
- Add `cargo` to enabled instance purl_types so that `package_metadata` for this can be ingested: Add cargo purl_type to application setting (!156072 - merged) • Igor Frenkel • 17.2
How to set up and validate locally
In rails console:
- `puts PackageMetadata::Package.where(purl_type: :cargo).count # 0`
- Enable the type via application settings.
    ap = ApplicationSetting.last
    ap.package_metadata_purl_types = [14]
    ap.save
- Run sync.
    lease = Gitlab::ExclusiveLease.new("sync-licenses", timeout: 5.minute)
    lease.try_obtain
    PackageMetadata::SyncService.execute(data_type: 'licenses', lease: lease)
- `puts PackageMetadata::Package.where(purl_type: :cargo).count # ~15k`
Edited by Igor Frenkel