@bxf12315 bxf12315 commented Aug 4, 2025

Summary by Sourcery

Capture custom licenseRef expressions from SPDX data, map them to readable identifiers using licensing_infos, and store them in a new custom_license_refs column on the license table, with a migration and test to validate the feature.

New Features:

  • Extract and store custom SPDX licenseRef identifiers as custom_license_refs in the license entity

Enhancements:

  • Extend SPDX parsing to return custom_license_refs alongside standard licenses and exceptions
  • Introduce mapping from custom license IDs to their names via licensing_infos and format them as "id:name"
  • Log a warning for any custom license refs missing from the provided licensing_infos list
  • Update LicenseCreator to accept and process a custom_license_list before inserting licenses

Tests:

  • Add integration test to verify ingestion and persistence of custom_license_refs from SPDX documents

Chores:

  • Add a database migration to add the custom_license_refs column to the license table and update the SeaORM model with serde serialization
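
The mapping step described in the summary above, sketched as an added example (not code from this PR or the project): custom `LicenseRef-*` identifiers are pulled from an SPDX expression, resolved against `licensing_infos` into "id:name" entries, and refs with no entry are reported instead of stored. The function names, the `Resolved` struct, the plain tokenizer and the sample data are assumptions made for illustration; only local `LicenseRef-` tokens are handled.

```rust
use std::collections::{BTreeMap, BTreeSet};

/// Outcome of resolving the custom refs found in one SPDX license expression.
#[derive(Debug, PartialEq)]
pub struct Resolved {
    /// Entries formatted as "id:name", ready for a custom_license_refs column.
    pub custom_license_refs: Vec<String>,
    /// Refs used in the expression but absent from licensing_infos.
    pub missing: Vec<String>,
}

/// Hypothetical helper: collect local `LicenseRef-*` tokens, de-duplicated.
/// A plain tokenizer stands in for a real SPDX expression parser here.
pub fn extract_license_refs(expr: &str) -> BTreeSet<String> {
    expr.split(|c: char| c.is_whitespace() || c == '(' || c == ')')
        .filter(|tok| tok.starts_with("LicenseRef-"))
        .map(str::to_string)
        .collect()
}

/// Map each ref to "id:name"; refs with no entry are reported, not stored.
pub fn resolve_custom_refs(expr: &str, licensing_infos: &BTreeMap<&str, &str>) -> Resolved {
    let mut out = Resolved { custom_license_refs: Vec::new(), missing: Vec::new() };
    for id in extract_license_refs(expr) {
        match licensing_infos.get(id.as_str()) {
            Some(name) => out.custom_license_refs.push(format!("{}:{}", id, name)),
            None => out.missing.push(id),
        }
    }
    out
}

fn main() {
    // Constructed sample data, not taken from the PR's test fixtures.
    let infos = BTreeMap::from([
        ("LicenseRef-0", "Acme Proprietary"),
        ("LicenseRef-2", "Vendor EULA"),
    ]);
    let expr = "(MIT OR LicenseRef-0) AND LicenseRef-7 AND LicenseRef-0";
    let r = resolve_custom_refs(expr, &infos);
    for id in &r.missing {
        eprintln!("warning: {} is not declared in licensing_infos", id);
    }
    println!("{:?}", r.custom_license_refs);
}
```

Keeping the unresolved refs in a separate list makes an SBOM that uses an undeclared `LicenseRef-` visible to whoever reviews the ingest log, instead of the ref silently disappearing.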

sourcery-ai bot commented Aug 4, 2025

Reviewer's Guide

This PR introduces support for custom license references in the SBOM ingestion pipeline by extending the SPDX parsing logic, enhancing the LicenseCreator to track and construct custom refs, updating the database schema and entity model, and adding an end-to-end test to validate persistence.

Entity relationship diagram for updated License table with custom_license_refs

erDiagram
    LICENSE {
        UUID id PK
        TEXT text
        TEXT[] spdx_licenses
        TEXT[] spdx_license_exceptions
        TEXT[] custom_license_refs
    }

Entity relationship diagram for License and LicensingInfos

erDiagram
    LICENSE {
        UUID id PK
        TEXT[] custom_license_refs
    }
    LICENSING_INFOS {
        TEXT license_id PK
        TEXT name
    }
    LICENSE ||--o{ LICENSING_INFOS : references

File-Level Changes

Change: Extend SPDX parsing to extract custom license references.
Details:
  • Change spdx_info signature to return a vector of custom_license_refs
  • Filter parsed licenses for license_ref flags and format identifiers
  • Adjust unwrap fallback to include empty custom_license_refs
Files:
  • modules/ingestor/src/graph/sbom/common/license.rs

Change: Enhance LicenseCreator to handle custom license refs.
Details:
  • Add custom_license_list field and put_custom_license_list setter
  • Filter missing custom refs and log warnings in add()
  • Construct formatted custom refs via construct_custom_license
  • Set custom_license_refs on the ActiveModel insert
Files:
  • modules/ingestor/src/graph/sbom/common/license.rs

Change: Propagate and persist custom refs in the SBOM context.
Details:
  • Expose license_refs via get_copy_license_refs in LicensingInfoCreator
  • Pass custom list to licenses.put_custom_license_list before creation
  • Include custom_license_refs in the insert logic for license entity
Files:
  • modules/ingestor/src/graph/sbom/common/licensing_info.rs
  • modules/ingestor/src/graph/sbom/spdx.rs
  • modules/ingestor/src/graph/sbom/mod.rs

Change: Update entity definition and create migration for new column.
Details:
  • Add serde::Serialize derive and custom_license_refs field to Model
  • Register new migration in Migrator
  • Create migration m0001150 to add/drop custom_license_refs column
Files:
  • entity/src/license.rs
  • migration/src/lib.rs
  • migration/src/m0001150_license_add_custom_license_refs.rs

Change: Add integration test for custom license references.
Details:
  • Introduce test_custom_license_refs_spdx asserting custom_license_refs persisted
Files:
  • modules/fundamental/tests/sbom/license.rs

Possibly linked issues

  • #0: The PR adds 'custom_license_refs' to the license table, replacing license IDs with names as requested by the issue.


@bxf12315 bxf12315 force-pushed the custom-licenseref branch from 98a7fe9 to aa4dcfc Compare August 4, 2025 13:15
codecov bot commented Aug 4, 2025

Codecov Report

❌ Patch coverage is 97.01493% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.40%. Comparing base (c8f7067) to head (af2ea57).

| Files with missing lines | Patch % | Lines |
| --- | --- | --- |
| ...on/src/m0001150_license_add_custom_license_refs.rs | 92.59% | 0 Missing and 2 partials ⚠️ |
| modules/ingestor/src/graph/sbom/common/license.rs | 99.00% | 1 Missing ⚠️ |
| modules/ingestor/src/graph/sbom/mod.rs | 50.00% | 0 Missing and 1 partial ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1912      +/-   ##
==========================================
+ Coverage   68.25%   68.40%   +0.14%     
==========================================
  Files         367      368       +1     
  Lines       23216    23324     +108     
  Branches    23216    23324     +108     
==========================================
+ Hits        15847    15954     +107     
  Misses       6488     6488              
- Partials      881      882       +1     


@bxf12315 bxf12315 force-pushed the custom-licenseref branch 3 times, most recently from b03c3b8 to b73244f Compare August 4, 2025 15:14
@bxf12315 bxf12315 force-pushed the custom-licenseref branch from b73244f to 531eb69 Compare August 5, 2025 03:34
@bxf12315 bxf12315 force-pushed the custom-licenseref branch from 2a9bee1 to ed6b409 Compare August 5, 2025 15:13
@bxf12315 bxf12315 force-pushed the custom-licenseref branch from ed6b409 to af2ea57 Compare August 5, 2025 15:24