Skip to content

Commit 1c0a63f

Browse files
ivanvanderbyljeffmendozamrizzimihaimaruseac
authored
Implement RDMS backend (postgres/mysql/sqlite) (guacsec#910)
* Init Artifact and Ent backend Signed-off-by: Ivan Vanderbyl <[email protected]> * Configure backend Signed-off-by: Ivan Vanderbyl <[email protected]> * Change ID type to Int Signed-off-by: Ivan Vanderbyl <[email protected]> * Correct model transform for ID Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement BuilderNode Signed-off-by: Ivan Vanderbyl <[email protected]> * Fix transaction implementation to actually use tx Signed-off-by: Ivan Vanderbyl <[email protected]> * Add package (node) schema Signed-off-by: Ivan Vanderbyl <[email protected]> * Add PackageNamespace schema Signed-off-by: Ivan Vanderbyl <[email protected]> * Add PackageName schema Signed-off-by: Ivan Vanderbyl <[email protected]> * Add PackageVersions Signed-off-by: Ivan Vanderbyl <[email protected]> * Document how to generate ent nodes Signed-off-by: Ivan Vanderbyl <[email protected]> * Add test suite helper for working with sql tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Add IngestPackage and tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Generate Ent nodes for Package, NS, Names, and Versions Signed-off-by: Ivan Vanderbyl <[email protected]> * Add upsert support for software tree Signed-off-by: Ivan Vanderbyl <[email protected]> * Ensure only two versions were inserted Signed-off-by: Ivan Vanderbyl <[email protected]> * Order tree asc Signed-off-by: Ivan Vanderbyl <[email protected]> * Cleanup Signed-off-by: Ivan Vanderbyl <[email protected]> * Implementing unique versions (WIP) Signed-off-by: Ivan Vanderbyl <[email protected]> * Configure postgres in docker Signed-off-by: Ivan Vanderbyl <[email protected]> * Make ent backend configurable Signed-off-by: Ivan Vanderbyl <[email protected]> * Add Packages query Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement preloads for Packages Signed-off-by: Ivan Vanderbyl <[email protected]> * Ent isOccurrence progress WIP. Signed-off-by: Jeff Mendoza <[email protected]> * Improve build performance in Docker Signed-off-by: Ivan Vanderbyl <[email protected]> * Enable global IDs Signed-off-by: Ivan Vanderbyl <[email protected]> * Incorporate Jeff's work Signed-off-by: Ivan Vanderbyl <[email protected]> * Adds Index annotation, but we probably need something different Signed-off-by: Ivan Vanderbyl <[email protected]> * Move to helpers Signed-off-by: Ivan Vanderbyl <[email protected]> * Bridge networking so we can poke at the db from host Signed-off-by: Ivan Vanderbyl <[email protected]> * Migrate to backend package to separate generated files Signed-off-by: Ivan Vanderbyl <[email protected]> * Finish IsOccurrence ingest. Also fix Package ingest to only return the ingested package. Signed-off-by: Jeff Mendoza <[email protected]> * Added IsDependency ingest and query to ent backend. Signed-off-by: Jeff Mendoza <[email protected]> * Refactor backend into separate package, adds Source, and tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Use new ent backend package Signed-off-by: Ivan Vanderbyl <[email protected]> * Cache build step Signed-off-by: Ivan Vanderbyl <[email protected]> * Ignore some files for docker Signed-off-by: Ivan Vanderbyl <[email protected]> * Integrate Jeff's work Signed-off-by: Ivan Vanderbyl <[email protected]> * Add cleanup command to delete all generated ent code Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename IsDependency to Dependency Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename IsOccurrence to Occurrence Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename ent.IsOccurrence Signed-off-by: Ivan Vanderbyl <[email protected]> * Improve cleanup logic Signed-off-by: Ivan Vanderbyl <[email protected]> * Experimenting Signed-off-by: Ivan Vanderbyl <[email protected]> * Add tests for IsDependency Signed-off-by: Ivan Vanderbyl <[email protected]> * Make tests easier to read Signed-off-by: Ivan Vanderbyl <[email protected]> * Cleanup tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Update readme on how to run tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Add note about tx Signed-off-by: Ivan Vanderbyl <[email protected]> * Try jeff's impl of ingest occurrence Signed-off-by: Ivan Vanderbyl <[email protected]> * Add func to ignore empty slices in cmp Signed-off-by: Ivan Vanderbyl <[email protected]> * Filter dep tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Attempting to get tests passing Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement custom predicates for json qualifiers Signed-off-by: Ivan Vanderbyl <[email protected]> * Change PackageVersion schema so that we can query qualifiers Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement version qualfier queries Signed-off-by: Ivan Vanderbyl <[email protected]> * Remove debug statement Signed-off-by: Ivan Vanderbyl <[email protected]> * Test no qualifiers Signed-off-by: Ivan Vanderbyl <[email protected]> * Small refactoring Signed-off-by: Ivan Vanderbyl <[email protected]> * Optimise pkgName query Signed-off-by: Ivan Vanderbyl <[email protected]> * Refactor Occurrences to use Subject edge Signed-off-by: Ivan Vanderbyl <[email protected]> * Simplify package version query Signed-off-by: Ivan Vanderbyl <[email protected]> * Cleanup Signed-off-by: Ivan Vanderbyl <[email protected]> * Add more tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Integrate more of Jeff's work Signed-off-by: Ivan Vanderbyl <[email protected]> * IngestOccurrence with OccurrenceSubject Signed-off-by: mrizzi <[email protected]> * Improve some package queries Signed-off-by: Ivan Vanderbyl <[email protected]> * Fixing more tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Remove OccurrenceSubject and get one test to pass Signed-off-by: Ivan Vanderbyl <[email protected]> * Make all Occurrence tests pass Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename PackageNode to PackageType Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename Source to SourceType Signed-off-by: Ivan Vanderbyl <[email protected]> * Improve package queries Signed-off-by: Ivan Vanderbyl <[email protected]> * Fix test Signed-off-by: Ivan Vanderbyl <[email protected]> * Cleanup package transforms Signed-off-by: Ivan Vanderbyl <[email protected]> * Fix our happy path test Signed-off-by: Ivan Vanderbyl <[email protected]> * Import more of Jeff's work Signed-off-by: Ivan Vanderbyl <[email protected]> * Expose Errorf as a global that we can replace later Signed-off-by: Ivan Vanderbyl <[email protected]> * Always query empty package version Signed-off-by: Ivan Vanderbyl <[email protected]> * Tighter constraints on versions Signed-off-by: Ivan Vanderbyl <[email protected]> * IngestHasSbom implementation Signed-off-by: mrizzi <[email protected]> * Add batch ingest for Artifacts Signed-off-by: Ivan Vanderbyl <[email protected]> * Add IngestPackages Signed-off-by: Ivan Vanderbyl <[email protected]> * Stub IngestOccurrences Signed-off-by: Ivan Vanderbyl <[email protected]> * Add HasSBOM tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement FindSoftware Signed-off-by: Ivan Vanderbyl <[email protected]> * Limit results in search set Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename SBOM to BillOfMaterials and add SLSAAttestation Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename BuilderNode to Builder now that Ent supports it Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename some nodes Signed-off-by: Ivan Vanderbyl <[email protected]> * Use global IDs on tests so that we break any hard coded deps Signed-off-by: Ivan Vanderbyl <[email protected]> * Fix dependency tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement HasSBOM and fix all tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Mod tidy Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement GHSA Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement CVEs Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement OSV and refatcor advisory upserts Signed-off-by: Ivan Vanderbyl <[email protected]> * Change dependency type to enum in pg Signed-off-by: Ivan Vanderbyl <[email protected]> * Add note to readme Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement IsVulnerability Signed-off-by: Ivan Vanderbyl <[email protected]> * Slightly reduce number of fields selected Signed-off-by: Ivan Vanderbyl <[email protected]> * WIP Implementing CertifyVuln Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename Vulnerability to CertifyVuln Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename Signed-off-by: Ivan Vanderbyl <[email protected]> * Implements CertifyVuln and IngestVulnerability + Tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement HashEqual Ingest and Query Signed-off-by: Ivan Vanderbyl <[email protected]> * Improve Package tests and API Signed-off-by: Ivan Vanderbyl <[email protected]> * Stub SLSA Signed-off-by: Ivan Vanderbyl <[email protected]> * Implementing PkgEqual (WIP) Signed-off-by: Ivan Vanderbyl <[email protected]> * Add SLSA Ingest Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement HasSLSA and IngestSLSA Signed-off-by: Ivan Vanderbyl <[email protected]> * Make artifact query consistent Signed-off-by: Ivan Vanderbyl <[email protected]> * Fix SLSA ingest tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Add IngestMaterials Signed-off-by: Ivan Vanderbyl <[email protected]> * Add IngestDependencies Signed-off-by: Ivan Vanderbyl <[email protected]> * Add Sources query and sources tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement HasSourceAt Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement CertifyBad and IngestCertifyBad + tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement CertifyGood and IngestCertifyGood Signed-off-by: Ivan Vanderbyl <[email protected]> * Implementing Node interface Signed-off-by: Ivan Vanderbyl <[email protected]> * Fixing PkgEquals design and tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Small cleanup for consistency Signed-off-by: Ivan Vanderbyl <[email protected]> * Ensure arm compilation doesn't complain Signed-off-by: Ivan Vanderbyl <[email protected]> * Improve the consistency of package queries and transactions Signed-off-by: Ivan Vanderbyl <[email protected]> * Improve code reuse around package queries Signed-off-by: Ivan Vanderbyl <[email protected]> * Possibly break everything Signed-off-by: Ivan Vanderbyl <[email protected]> * Remove Annotations from Ent SBOM schema Signed-off-by: Ivan Vanderbyl <[email protected]> * Run generators Signed-off-by: Ivan Vanderbyl <[email protected]> * Fix my merge mistakes Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename ents Signed-off-by: Ivan Vanderbyl <[email protected]> * Fix certify bad query Signed-off-by: Ivan Vanderbyl <[email protected]> * Fix dependency tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Add correct behaviour for match only empty Signed-off-by: Ivan Vanderbyl <[email protected]> * Add ent/contrib gql support Signed-off-by: Ivan Vanderbyl <[email protected]> * Fix pkgversion tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Generate ent code with GQL Support enabled Signed-off-by: Ivan Vanderbyl <[email protected]> * Schema version of pkgequal that has a & b branches instead of M2M, reverted Signed-off-by: Ivan Vanderbyl <[email protected]> * Add ptrWithDefault helper Signed-off-by: Ivan Vanderbyl <[email protected]> * More package tree tests Signed-off-by: Ivan Vanderbyl <[email protected]> * Add IngestSources Signed-off-by: Ivan Vanderbyl <[email protected]> * Update qualifiers match helper Signed-off-by: Ivan Vanderbyl <[email protected]> * More gql code gen for ent Signed-off-by: Ivan Vanderbyl <[email protected]> * All implemented features passing Signed-off-by: Ivan Vanderbyl <[email protected]> * Implement Scorecards Signed-off-by: Ivan Vanderbyl <[email protected]> * Disable 32bit builds since they have issues with int() Signed-off-by: Ivan Vanderbyl <[email protected]> * package: added pkgSpec entities filtering Signed-off-by: mrizzi <[email protected]> * vulnerability: added CertifyVulnSpec entities filtering Signed-off-by: mrizzi <[email protected]> * Cleanup Signed-off-by: Ivan Vanderbyl <[email protected]> * Use no-op for upserts Signed-off-by: Ivan Vanderbyl <[email protected]> * Update .gitignore Co-authored-by: Mihai Maruseac <[email protected]> * Add neptude backend to validation Signed-off-by: Ivan Vanderbyl <[email protected]> * Cleanup Signed-off-by: Ivan Vanderbyl <[email protected]> * Tidy Signed-off-by: Ivan Vanderbyl <[email protected]> * Rename SecurityAdvisory to Vulnerability Signed-off-by: Ivan Vanderbyl <[email protected]> * Update package spec Signed-off-by: Ivan Vanderbyl <[email protected]> * Mark ent as experimental Signed-off-by: Ivan Vanderbyl <[email protected]> * Update vuln nodes Signed-off-by: Ivan Vanderbyl <[email protected]> * Refactoring backend so that vulns work Signed-off-by: Ivan Vanderbyl <[email protected]> * Comment out vuln and dep code that needs to be updated Signed-off-by: Ivan Vanderbyl <[email protected]> * Enable go arm arch again Signed-off-by: Ivan Vanderbyl <[email protected]> * Use inmem backend by default Signed-off-by: Ivan Vanderbyl <[email protected]> * Add CertifyVEXStatement and IngestVEXStatement Signed-off-by: mrizzi <[email protected]> * CertifyVex snake_case fields Signed-off-by: mrizzi <[email protected]> * IngestVEXStatement: managed DB insert conflict with Ignore() Signed-off-by: mrizzi <[email protected]> * Comment out Vex Signed-off-by: Ivan Vanderbyl <[email protected]> * Enhance 'Node' and add 'Nodes' endpoints Signed-off-by: mrizzi <[email protected]> * Node: Added SourceType, Builder, SecurityAdvisory and refactored TestNode Signed-off-by: mrizzi <[email protected]> * Restricted some queries and proposed new tests approach Signed-off-by: mrizzi <[email protected]> * Refactored SecurityAdvisory to VulnerabilityType Signed-off-by: mrizzi <[email protected]> * Completed test refactoring Signed-off-by: mrizzi <[email protected]> * Fix Static Analysis Signed-off-by: mrizzi <[email protected]> * Fix Lint checks Signed-off-by: mrizzi <[email protected]> * Fix Static Analysis - copyright notice Signed-off-by: mrizzi <[email protected]> * Enable postgres GH service Signed-off-by: mrizzi <[email protected]> * Fix Unit tests: TestEntBackendSuite/TestCertifyBad/HappyPath Signed-off-by: mrizzi <[email protected]> * Scorecards: fix source namespace query Signed-off-by: mrizzi <[email protected]> * Commented TestVulnerability: endpoint commented Signed-off-by: mrizzi <[email protected]> * Test suite util Signed-off-by: mrizzi <[email protected]> * CI for integration tests: enable postgres GH service Signed-off-by: mrizzi <[email protected]> --------- Signed-off-by: Ivan Vanderbyl <[email protected]> Signed-off-by: Jeff Mendoza <[email protected]> Signed-off-by: mrizzi <[email protected]> Co-authored-by: Jeff Mendoza <[email protected]> Co-authored-by: mrizzi <[email protected]> Co-authored-by: Mihai Maruseac <[email protected]>
1 parent 1bba6a4 commit 1c0a63f

File tree

271 files changed

+115124
-131
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

271 files changed

+115124
-131
lines changed

.github/scripts/excluded_from_copyright

+233-48
Original file line numberDiff line numberDiff line change
@@ -1,62 +1,247 @@
1+
./internal/testing/mocks/backend.go
2+
./internal/testing/mocks/documentparser.go
3+
./internal/testing/mocks/scorecard.go
4+
./pkg/assembler/backends/ent/artifact.go
5+
./pkg/assembler/backends/ent/artifact/artifact.go
6+
./pkg/assembler/backends/ent/artifact/where.go
7+
./pkg/assembler/backends/ent/artifact_create.go
8+
./pkg/assembler/backends/ent/artifact_delete.go
9+
./pkg/assembler/backends/ent/artifact_query.go
10+
./pkg/assembler/backends/ent/artifact_update.go
11+
./pkg/assembler/backends/ent/billofmaterials.go
12+
./pkg/assembler/backends/ent/billofmaterials/billofmaterials.go
13+
./pkg/assembler/backends/ent/billofmaterials/where.go
14+
./pkg/assembler/backends/ent/billofmaterials_create.go
15+
./pkg/assembler/backends/ent/billofmaterials_delete.go
16+
./pkg/assembler/backends/ent/billofmaterials_query.go
17+
./pkg/assembler/backends/ent/billofmaterials_update.go
18+
./pkg/assembler/backends/ent/builder.go
19+
./pkg/assembler/backends/ent/builder/builder.go
20+
./pkg/assembler/backends/ent/builder/where.go
21+
./pkg/assembler/backends/ent/builder_create.go
22+
./pkg/assembler/backends/ent/builder_delete.go
23+
./pkg/assembler/backends/ent/builder_query.go
24+
./pkg/assembler/backends/ent/builder_update.go
25+
./pkg/assembler/backends/ent/certification.go
26+
./pkg/assembler/backends/ent/certification/certification.go
27+
./pkg/assembler/backends/ent/certification/where.go
28+
./pkg/assembler/backends/ent/certification_create.go
29+
./pkg/assembler/backends/ent/certification_delete.go
30+
./pkg/assembler/backends/ent/certification_query.go
31+
./pkg/assembler/backends/ent/certification_update.go
32+
./pkg/assembler/backends/ent/certifyscorecard.go
33+
./pkg/assembler/backends/ent/certifyscorecard/certifyscorecard.go
34+
./pkg/assembler/backends/ent/certifyscorecard/where.go
35+
./pkg/assembler/backends/ent/certifyscorecard_create.go
36+
./pkg/assembler/backends/ent/certifyscorecard_delete.go
37+
./pkg/assembler/backends/ent/certifyscorecard_query.go
38+
./pkg/assembler/backends/ent/certifyscorecard_update.go
39+
./pkg/assembler/backends/ent/certifyvex.go
40+
./pkg/assembler/backends/ent/certifyvex/certifyvex.go
41+
./pkg/assembler/backends/ent/certifyvex/where.go
42+
./pkg/assembler/backends/ent/certifyvex_create.go
43+
./pkg/assembler/backends/ent/certifyvex_delete.go
44+
./pkg/assembler/backends/ent/certifyvex_query.go
45+
./pkg/assembler/backends/ent/certifyvex_update.go
46+
./pkg/assembler/backends/ent/certifyvuln.go
47+
./pkg/assembler/backends/ent/certifyvuln/certifyvuln.go
48+
./pkg/assembler/backends/ent/certifyvuln/where.go
49+
./pkg/assembler/backends/ent/certifyvuln_create.go
50+
./pkg/assembler/backends/ent/certifyvuln_delete.go
51+
./pkg/assembler/backends/ent/certifyvuln_query.go
52+
./pkg/assembler/backends/ent/certifyvuln_update.go
53+
./pkg/assembler/backends/ent/client.go
54+
./pkg/assembler/backends/ent/dependency.go
55+
./pkg/assembler/backends/ent/dependency/dependency.go
56+
./pkg/assembler/backends/ent/dependency/where.go
57+
./pkg/assembler/backends/ent/dependency_create.go
58+
./pkg/assembler/backends/ent/dependency_delete.go
59+
./pkg/assembler/backends/ent/dependency_query.go
60+
./pkg/assembler/backends/ent/dependency_update.go
61+
./pkg/assembler/backends/ent/ent.go
62+
./pkg/assembler/backends/ent/enttest/enttest.go
63+
./pkg/assembler/backends/ent/gql_collection.go
64+
./pkg/assembler/backends/ent/gql_edge.go
65+
./pkg/assembler/backends/ent/gql_node.go
66+
./pkg/assembler/backends/ent/gql_pagination.go
67+
./pkg/assembler/backends/ent/gql_transaction.go
68+
./pkg/assembler/backends/ent/hashequal.go
69+
./pkg/assembler/backends/ent/hashequal/hashequal.go
70+
./pkg/assembler/backends/ent/hashequal/where.go
71+
./pkg/assembler/backends/ent/hashequal_create.go
72+
./pkg/assembler/backends/ent/hashequal_delete.go
73+
./pkg/assembler/backends/ent/hashequal_query.go
74+
./pkg/assembler/backends/ent/hashequal_update.go
75+
./pkg/assembler/backends/ent/hassourceat.go
76+
./pkg/assembler/backends/ent/hassourceat/hassourceat.go
77+
./pkg/assembler/backends/ent/hassourceat/where.go
78+
./pkg/assembler/backends/ent/hassourceat_create.go
79+
./pkg/assembler/backends/ent/hassourceat_delete.go
80+
./pkg/assembler/backends/ent/hassourceat_query.go
81+
./pkg/assembler/backends/ent/hassourceat_update.go
82+
./pkg/assembler/backends/ent/hook/hook.go
83+
./pkg/assembler/backends/ent/isvulnerability.go
84+
./pkg/assembler/backends/ent/isvulnerability/isvulnerability.go
85+
./pkg/assembler/backends/ent/isvulnerability/where.go
86+
./pkg/assembler/backends/ent/isvulnerability_create.go
87+
./pkg/assembler/backends/ent/isvulnerability_delete.go
88+
./pkg/assembler/backends/ent/isvulnerability_query.go
89+
./pkg/assembler/backends/ent/isvulnerability_update.go
90+
./pkg/assembler/backends/ent/migrate/migrate.go
91+
./pkg/assembler/backends/ent/migrate/schema.go
92+
./pkg/assembler/backends/ent/mutation.go
93+
./pkg/assembler/backends/ent/occurrence.go
94+
./pkg/assembler/backends/ent/occurrence/occurrence.go
95+
./pkg/assembler/backends/ent/occurrence/where.go
96+
./pkg/assembler/backends/ent/occurrence_create.go
97+
./pkg/assembler/backends/ent/occurrence_delete.go
98+
./pkg/assembler/backends/ent/occurrence_query.go
99+
./pkg/assembler/backends/ent/occurrence_update.go
100+
./pkg/assembler/backends/ent/packagename.go
101+
./pkg/assembler/backends/ent/packagename/packagename.go
102+
./pkg/assembler/backends/ent/packagename/where.go
103+
./pkg/assembler/backends/ent/packagename_create.go
104+
./pkg/assembler/backends/ent/packagename_delete.go
105+
./pkg/assembler/backends/ent/packagename_query.go
106+
./pkg/assembler/backends/ent/packagename_update.go
107+
./pkg/assembler/backends/ent/packagenamespace.go
108+
./pkg/assembler/backends/ent/packagenamespace/packagenamespace.go
109+
./pkg/assembler/backends/ent/packagenamespace/where.go
110+
./pkg/assembler/backends/ent/packagenamespace_create.go
111+
./pkg/assembler/backends/ent/packagenamespace_delete.go
112+
./pkg/assembler/backends/ent/packagenamespace_query.go
113+
./pkg/assembler/backends/ent/packagenamespace_update.go
114+
./pkg/assembler/backends/ent/packagetype.go
115+
./pkg/assembler/backends/ent/packagetype/packagetype.go
116+
./pkg/assembler/backends/ent/packagetype/where.go
117+
./pkg/assembler/backends/ent/packagetype_create.go
118+
./pkg/assembler/backends/ent/packagetype_delete.go
119+
./pkg/assembler/backends/ent/packagetype_query.go
120+
./pkg/assembler/backends/ent/packagetype_update.go
121+
./pkg/assembler/backends/ent/packageversion.go
122+
./pkg/assembler/backends/ent/packageversion/packageversion.go
123+
./pkg/assembler/backends/ent/packageversion/qualifier_predicates.go
124+
./pkg/assembler/backends/ent/packageversion/where.go
125+
./pkg/assembler/backends/ent/packageversion_create.go
126+
./pkg/assembler/backends/ent/packageversion_delete.go
127+
./pkg/assembler/backends/ent/packageversion_query.go
128+
./pkg/assembler/backends/ent/packageversion_update.go
129+
./pkg/assembler/backends/ent/pkgequal.go
130+
./pkg/assembler/backends/ent/pkgequal/pkgequal.go
131+
./pkg/assembler/backends/ent/pkgequal/where.go
132+
./pkg/assembler/backends/ent/pkgequal_create.go
133+
./pkg/assembler/backends/ent/pkgequal_delete.go
134+
./pkg/assembler/backends/ent/pkgequal_query.go
135+
./pkg/assembler/backends/ent/pkgequal_update.go
136+
./pkg/assembler/backends/ent/predicate/predicate.go
137+
./pkg/assembler/backends/ent/runtime.go
138+
./pkg/assembler/backends/ent/runtime/runtime.go
139+
./pkg/assembler/backends/ent/scorecard.go
140+
./pkg/assembler/backends/ent/scorecard/scorecard.go
141+
./pkg/assembler/backends/ent/scorecard/where.go
142+
./pkg/assembler/backends/ent/scorecard_create.go
143+
./pkg/assembler/backends/ent/scorecard_delete.go
144+
./pkg/assembler/backends/ent/scorecard_query.go
145+
./pkg/assembler/backends/ent/scorecard_update.go
146+
./pkg/assembler/backends/ent/slsaattestation.go
147+
./pkg/assembler/backends/ent/slsaattestation/slsaattestation.go
148+
./pkg/assembler/backends/ent/slsaattestation/where.go
149+
./pkg/assembler/backends/ent/slsaattestation_create.go
150+
./pkg/assembler/backends/ent/slsaattestation_delete.go
151+
./pkg/assembler/backends/ent/slsaattestation_query.go
152+
./pkg/assembler/backends/ent/slsaattestation_update.go
153+
./pkg/assembler/backends/ent/sourcename.go
154+
./pkg/assembler/backends/ent/sourcename/sourcename.go
155+
./pkg/assembler/backends/ent/sourcename/where.go
156+
./pkg/assembler/backends/ent/sourcename_create.go
157+
./pkg/assembler/backends/ent/sourcename_delete.go
158+
./pkg/assembler/backends/ent/sourcename_query.go
159+
./pkg/assembler/backends/ent/sourcename_update.go
160+
./pkg/assembler/backends/ent/sourcenamespace.go
161+
./pkg/assembler/backends/ent/sourcenamespace/sourcenamespace.go
162+
./pkg/assembler/backends/ent/sourcenamespace/where.go
163+
./pkg/assembler/backends/ent/sourcenamespace_create.go
164+
./pkg/assembler/backends/ent/sourcenamespace_delete.go
165+
./pkg/assembler/backends/ent/sourcenamespace_query.go
166+
./pkg/assembler/backends/ent/sourcenamespace_update.go
167+
./pkg/assembler/backends/ent/sourcetype.go
168+
./pkg/assembler/backends/ent/sourcetype/sourcetype.go
169+
./pkg/assembler/backends/ent/sourcetype/where.go
170+
./pkg/assembler/backends/ent/sourcetype_create.go
171+
./pkg/assembler/backends/ent/sourcetype_delete.go
172+
./pkg/assembler/backends/ent/sourcetype_query.go
173+
./pkg/assembler/backends/ent/sourcetype_update.go
174+
./pkg/assembler/backends/ent/tx.go
175+
./pkg/assembler/backends/ent/vulnerabilityid.go
176+
./pkg/assembler/backends/ent/vulnerabilityid/vulnerabilityid.go
177+
./pkg/assembler/backends/ent/vulnerabilityid/where.go
178+
./pkg/assembler/backends/ent/vulnerabilityid_create.go
179+
./pkg/assembler/backends/ent/vulnerabilityid_delete.go
180+
./pkg/assembler/backends/ent/vulnerabilityid_query.go
181+
./pkg/assembler/backends/ent/vulnerabilityid_update.go
182+
./pkg/assembler/backends/ent/vulnerabilitytype.go
183+
./pkg/assembler/backends/ent/vulnerabilitytype/vulnerabilitytype.go
184+
./pkg/assembler/backends/ent/vulnerabilitytype/where.go
185+
./pkg/assembler/backends/ent/vulnerabilitytype_create.go
186+
./pkg/assembler/backends/ent/vulnerabilitytype_delete.go
187+
./pkg/assembler/backends/ent/vulnerabilitytype_query.go
188+
./pkg/assembler/backends/ent/vulnerabilitytype_update.go
1189
./pkg/assembler/clients/generated/operations.go
2-
./pkg/assembler/graphql/model/nodes.go
3-
./pkg/assembler/graphql/resolvers/schema.resolvers.go
4-
./pkg/assembler/graphql/generated/root_.generated.go
5-
./pkg/assembler/graphql/generated/schema.generated.go
6-
./pkg/assembler/graphql/generated/prelude.generated.go
7-
./pkg/assembler/graphql/generated/package.generated.go
8-
./pkg/assembler/graphql/resolvers/package.resolvers.go
9-
./pkg/assembler/graphql/generated/source.generated.go
10-
./pkg/assembler/graphql/resolvers/source.resolvers.go
11-
./pkg/assembler/graphql/generated/cve.generated.go
12-
./pkg/assembler/graphql/resolvers/cve.resolvers.go
13-
./pkg/assembler/graphql/generated/ghsa.generated.go
14-
./pkg/assembler/graphql/resolvers/ghsa.resolvers.go
15-
./pkg/assembler/graphql/generated/osv.generated.go
16-
./pkg/assembler/graphql/resolvers/osv.resolvers.go
17190
./pkg/assembler/graphql/generated/artifact.generated.go
18-
./pkg/assembler/graphql/resolvers/artifact.resolvers.go
19191
./pkg/assembler/graphql/generated/builder.generated.go
20-
./pkg/assembler/graphql/resolvers/builder.resolvers.go
21-
./pkg/assembler/graphql/generated/hashEqual.generated.go
22-
./pkg/assembler/graphql/resolvers/hashEqual.resolvers.go
23-
./pkg/assembler/graphql/generated/isOccurrence.generated.go
24-
./pkg/assembler/graphql/resolvers/isOccurrence.resolvers.go
192+
./pkg/assembler/graphql/generated/certifyBad.generated.go
193+
./pkg/assembler/graphql/generated/certifyGood.generated.go
194+
./pkg/assembler/graphql/generated/certifyScorecard.generated.go
195+
./pkg/assembler/graphql/generated/certifyVEXStatement.generated.go
196+
./pkg/assembler/graphql/generated/certifyVuln.generated.go
197+
./pkg/assembler/graphql/generated/contact.generated.go
198+
./pkg/assembler/graphql/generated/cve.generated.go
199+
./pkg/assembler/graphql/generated/ghsa.generated.go
25200
./pkg/assembler/graphql/generated/hasSBOM.generated.go
26-
./pkg/assembler/graphql/resolvers/hasSBOM.resolvers.go
201+
./pkg/assembler/graphql/generated/hasSLSA.generated.go
202+
./pkg/assembler/graphql/generated/hasSourceAt.generated.go
203+
./pkg/assembler/graphql/generated/hashEqual.generated.go
27204
./pkg/assembler/graphql/generated/isDependency.generated.go
28-
./pkg/assembler/graphql/resolvers/isDependency.resolvers.go
205+
./pkg/assembler/graphql/generated/isOccurrence.generated.go
206+
./pkg/assembler/graphql/generated/isVulnerability.generated.go
207+
./pkg/assembler/graphql/generated/metadata.generated.go
208+
./pkg/assembler/graphql/generated/osv.generated.go
209+
./pkg/assembler/graphql/generated/package.generated.go
210+
./pkg/assembler/graphql/generated/path.generated.go
29211
./pkg/assembler/graphql/generated/pkgEqual.generated.go
30-
./pkg/assembler/graphql/resolvers/pkgEqual.resolvers.go
31-
./pkg/assembler/graphql/generated/hasSourceAt.generated.go
32-
./pkg/assembler/graphql/resolvers/hasSourceAt.resolvers.go
33-
./pkg/assembler/graphql/generated/certifyBad.generated.go
212+
./pkg/assembler/graphql/generated/prelude.generated.go
213+
./pkg/assembler/graphql/generated/root_.generated.go
214+
./pkg/assembler/graphql/generated/schema.generated.go
215+
./pkg/assembler/graphql/generated/source.generated.go
216+
./pkg/assembler/graphql/generated/vulnEqual.generated.go
217+
./pkg/assembler/graphql/generated/vulnMetadata.generated.go
218+
./pkg/assembler/graphql/generated/vulnerability.generated.go
219+
./pkg/assembler/graphql/model/nodes.go
220+
./pkg/assembler/graphql/resolvers/artifact.resolvers.go
221+
./pkg/assembler/graphql/resolvers/builder.resolvers.go
34222
./pkg/assembler/graphql/resolvers/certifyBad.resolvers.go
35-
./pkg/assembler/graphql/generated/certifyGood.generated.go
36223
./pkg/assembler/graphql/resolvers/certifyGood.resolvers.go
37-
./pkg/assembler/graphql/generated/certifyScorecard.generated.go
38224
./pkg/assembler/graphql/resolvers/certifyScorecard.resolvers.go
39-
./pkg/assembler/graphql/generated/certifyVuln.generated.go
225+
./pkg/assembler/graphql/resolvers/certifyVEXStatement.resolvers.go
40226
./pkg/assembler/graphql/resolvers/certifyVuln.resolvers.go
41-
./pkg/assembler/graphql/generated/isVulnerability.generated.go
42-
./pkg/assembler/graphql/resolvers/isVulnerability.resolvers.go
43-
./pkg/assembler/graphql/generated/hasSLSA.generated.go
227+
./pkg/assembler/graphql/resolvers/contact.resolvers.go
228+
./pkg/assembler/graphql/resolvers/cve.resolvers.go
229+
./pkg/assembler/graphql/resolvers/ghsa.resolvers.go
230+
./pkg/assembler/graphql/resolvers/hasSBOM.resolvers.go
44231
./pkg/assembler/graphql/resolvers/hasSLSA.resolvers.go
45-
./pkg/assembler/graphql/generated/certifyVEXStatement.generated.go
46-
./pkg/assembler/graphql/resolvers/certifyVEXStatement.resolvers.go
47-
./pkg/assembler/graphql/resolvers/search.resolvers.go
48-
./pkg/assembler/graphql/resolvers/path.resolvers.go
49-
./pkg/assembler/graphql/generated/path.generated.go
50-
./pkg/assembler/graphql/generated/metadata.generated.go
232+
./pkg/assembler/graphql/resolvers/hasSourceAt.resolvers.go
233+
./pkg/assembler/graphql/resolvers/hashEqual.resolvers.go
234+
./pkg/assembler/graphql/resolvers/isDependency.resolvers.go
235+
./pkg/assembler/graphql/resolvers/isOccurrence.resolvers.go
236+
./pkg/assembler/graphql/resolvers/isVulnerability.resolvers.go
51237
./pkg/assembler/graphql/resolvers/metadata.resolvers.go
52-
./pkg/assembler/graphql/resolvers/contact.resolvers.go
53-
./pkg/assembler/graphql/generated/contact.generated.go
54-
./pkg/assembler/graphql/generated/vulnEqual.generated.go
55-
./pkg/assembler/graphql/generated/vulnerability.generated.go
238+
./pkg/assembler/graphql/resolvers/osv.resolvers.go
239+
./pkg/assembler/graphql/resolvers/package.resolvers.go
240+
./pkg/assembler/graphql/resolvers/path.resolvers.go
241+
./pkg/assembler/graphql/resolvers/pkgEqual.resolvers.go
242+
./pkg/assembler/graphql/resolvers/schema.resolvers.go
243+
./pkg/assembler/graphql/resolvers/search.resolvers.go
244+
./pkg/assembler/graphql/resolvers/source.resolvers.go
56245
./pkg/assembler/graphql/resolvers/vulnEqual.resolvers.go
57-
./pkg/assembler/graphql/resolvers/vulnerability.resolvers.go
58-
./pkg/assembler/graphql/generated/vulnMetadata.generated.go
59246
./pkg/assembler/graphql/resolvers/vulnMetadata.resolvers.go
60-
./internal/testing/mocks/scorecard.go
61-
./internal/testing/mocks/documentparser.go
62-
./internal/testing/mocks/backend.go
247+
./pkg/assembler/graphql/resolvers/vulnerability.resolvers.go

.github/workflows/ci.yaml

+28
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,18 @@ jobs:
4141
NEO4J_AUTH: none
4242
ports:
4343
- 7687:7687
44+
postgres:
45+
image: postgres
46+
env:
47+
POSTGRES_USER: guac
48+
POSTGRES_PASSWORD: guac
49+
options: >-
50+
--health-cmd pg_isready
51+
--health-interval 10s
52+
--health-timeout 5s
53+
--health-retries 5
54+
ports:
55+
- 5432:5432
4456
steps:
4557
- name: Checkout code
4658
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # tag=v3
@@ -58,11 +70,25 @@ jobs:
5870
env:
5971
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
6072
GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
73+
ENT_TEST_DATABASE_URL: 'postgresql://guac:guac@localhost/guac?sslmode=disable'
6174
run: make integration-test
6275

6376
test-unit:
6477
runs-on: ubuntu-latest
6578
name: CI for unit tests
79+
services:
80+
postgres:
81+
image: postgres
82+
env:
83+
POSTGRES_USER: guac
84+
POSTGRES_PASSWORD: guac
85+
options: >-
86+
--health-cmd pg_isready
87+
--health-interval 10s
88+
--health-timeout 5s
89+
--health-retries 5
90+
ports:
91+
- 5432:5432
6692
steps:
6793
- name: Checkout code
6894
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # tag=v3
@@ -77,6 +103,8 @@ jobs:
77103
- name: Setup the project
78104
run: go mod download
79105
- name: Run tests
106+
env:
107+
ENT_TEST_DATABASE_URL: 'postgresql://guac:guac@localhost/guac?sslmode=disable'
80108
run: make test
81109

82110
static-analysis:

.gitignore

+1
Original file line numberDiff line numberDiff line change
@@ -13,5 +13,6 @@ go.work
1313
*pkg/.DS_Store
1414
*.swp
1515
*.swo
16+
container_files/pg/
1617

1718
dist/

0 commit comments

Comments
 (0)