Allow Sbom::Occurence.component_version to be nullable
What does this MR do and why?
Describe in detail what your merge request does and why.
.components[].version
is an optional field in CycloneDX 1.4.
Because of this, we need to account for the fact that the component version may
not be present. This change allows for
sbom_occurrences.component_version_id
to be nullable, and instead
requires that a component_id
must be present. Previously, we would have fetched the
component_id
through the component_version
relation. This allows us to
continue to maintain a component list even if version information for
the component is not available.
See #366194 (comment 1033145384) for more details.
These diagrams illustrate the change:
Before | After |
---|---|
Migrations
Up
main: == 20220726154013 AddComponentIdToSbomOccurrences: migrating ==================
main: -- add_column(:sbom_occurrences, :component_id, :bigint, {:null=>false})
main: -> 0.0027s
main: == 20220726154013 AddComponentIdToSbomOccurrences: migrated (0.0035s) =========
main: == 20220726154014 AddIndexToSbomOccurrencesComponentId: migrating =============
main: -- transaction_open?()
main: -> 0.0000s
main: -- index_exists?(:sbom_occurrences, :component_id, {:name=>"index_sbom_occurrences_on_component_id", :algorithm=>:concurrently})
main: -> 0.0099s
main: -- execute("SET statement_timeout TO 0")
main: -> 0.0006s
main: -- add_index(:sbom_occurrences, :component_id, {:name=>"index_sbom_occurrences_on_component_id", :algorithm=>:concurrently})
main: -> 0.0022s
main: -- execute("RESET statement_timeout")
main: -> 0.0006s
main: == 20220726154014 AddIndexToSbomOccurrencesComponentId: migrated (0.0263s) ====
main: == 20220726154015 AddComponentForeignKeyToSbomOccurrences: migrating ==========
main: -- transaction_open?()
main: -> 0.0000s
main: -- foreign_keys(:sbom_occurrences)
main: -> 0.0060s
main: -- transaction_open?()
main: -> 0.0000s
main: -- execute("ALTER TABLE sbom_occurrences\nADD CONSTRAINT fk_d857c6edc1\nFOREIGN KEY (component_id)\nREFERENCES sbom_components (id)\nON DELETE CASCADE\nNOT VALID;\n")
main: -> 0.0017s
main: -- execute("ALTER TABLE sbom_occurrences VALIDATE CONSTRAINT fk_d857c6edc1;")
main: -> 0.0015s
main: == 20220726154015 AddComponentForeignKeyToSbomOccurrences: migrated (0.0143s) =
main: == 20220726154016 MakeComponentVersionNullable: migrating =====================
main: -- change_column_null(:sbom_occurrences, :component_version_id, true)
main: -> 0.0012s
main: == 20220726154016 MakeComponentVersionNullable: migrated (0.0014s) ============
Down
$ scripts/db_tasks db:migrate:down VERSION=20220726154016
main: == 20220726154016 MakeComponentVersionNullable: reverting =====================
main: -- change_column_null(:sbom_occurrences, :component_version_id, false)
main: -> 0.0035s
main: == 20220726154016 MakeComponentVersionNullable: reverted (0.0087s) ============
$ scripts/db_tasks db:migrate:down VERSION=20220726154015
main: == 20220726154015 AddComponentForeignKeyToSbomOccurrences: reverting ==========
main: -- transaction_open?()
main: -> 0.0000s
main: -- remove_foreign_key(:sbom_occurrences, {:column=>:component_id})
main: -> 0.0196s
main: == 20220726154015 AddComponentForeignKeyToSbomOccurrences: reverted (0.0329s) =
$ scripts/db_tasks db:migrate:down VERSION=20220726154014
main: == 20220726154014 AddIndexToSbomOccurrencesComponentId: reverting =============
main: -- transaction_open?()
main: -> 0.0000s
main: -- indexes(:sbom_occurrences)
main: -> 0.0105s
main: -- execute("SET statement_timeout TO 0")
main: -> 0.0005s
main: -- remove_index(:sbom_occurrences, {:algorithm=>:concurrently, :name=>"index_sbom_occurrences_on_component_id"})
main: -> 0.0016s
main: -- execute("RESET statement_timeout")
main: -> 0.0005s
main: == 20220726154014 AddIndexToSbomOccurrencesComponentId: reverted (0.0246s) ====
$ scripts/db_tasks db:migrate:down VERSION=20220726154013
main: == 20220726154013 AddComponentIdToSbomOccurrences: reverting ==================
main: -- remove_column(:sbom_occurrences, :component_id)
main: -> 0.0022s
main: == 20220726154013 AddComponentIdToSbomOccurrences: reverted (0.0029s) =========
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.