kpfleming/pkg-proxy
1
0
Fork 0
forked from mirrors/pkg-proxy
Code Pull requests Activity
pkg-proxy/internal/database/schema.go

630 lines
17 KiB
Go
Raw Permalink Normal View History

Hello world
2026-01-20 21:52:44 +00:00
package database
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
import (
"fmt"
"strings"
"time"
)
Hello world
2026-01-20 21:52:44 +00:00
Fix all golangci-lint issues across the codebase (#32) * Fix all golangci-lint issues across the codebase Resolve 77 lint issues reported by golangci-lint with gocritic, gocognit, gocyclo, maintidx, dupl, mnd, unparam, ireturn, goconst, and errcheck enabled. Net reduction of ~175 lines through shared helpers and deduplication. * Suppress staticcheck SA1019 for intentional deprecated field usage The Storage.Path field is deprecated but still read for backwards compatibility with existing configs that haven't migrated to the URL field.
2026-03-18 10:59:29 +00:00
const postgresTimestamp = "TIMESTAMP"
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
// Schema for proxy-specific tables. The packages and versions tables
// are compatible with git-pkgs, allowing the proxy to use an existing
// git-pkgs database as a starting point.
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
var schemaSQLite = `
CREATE TABLE IF NOT EXISTS schema_info (
version INTEGER NOT NULL
);
CREATE TABLE IF NOT EXISTS packages (
id INTEGER PRIMARY KEY,
purl TEXT NOT NULL,
ecosystem TEXT NOT NULL,
name TEXT NOT NULL,
latest_version TEXT,
license TEXT,
description TEXT,
homepage TEXT,
repository_url TEXT,
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
registry_url TEXT,
supplier_name TEXT,
supplier_type TEXT,
source TEXT,
enriched_at DATETIME,
vulns_synced_at DATETIME,
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
created_at DATETIME,
updated_at DATETIME
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_packages_purl ON packages(purl);
CREATE INDEX IF NOT EXISTS idx_packages_ecosystem_name ON packages(ecosystem, name);
CREATE TABLE IF NOT EXISTS versions (
id INTEGER PRIMARY KEY,
purl TEXT NOT NULL,
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
package_purl TEXT NOT NULL,
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
license TEXT,
published_at DATETIME,
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
integrity TEXT,
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
yanked INTEGER DEFAULT 0,
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
source TEXT,
enriched_at DATETIME,
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
created_at DATETIME,
updated_at DATETIME
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_versions_purl ON versions(purl);
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
CREATE INDEX IF NOT EXISTS idx_versions_package_purl ON versions(package_purl);
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
CREATE TABLE IF NOT EXISTS artifacts (
id INTEGER PRIMARY KEY,
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
version_purl TEXT NOT NULL,
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
filename TEXT NOT NULL,
upstream_url TEXT NOT NULL,
storage_path TEXT,
content_hash TEXT,
size INTEGER,
content_type TEXT,
fetched_at DATETIME,
hit_count INTEGER DEFAULT 0,
last_accessed_at DATETIME,
created_at DATETIME,
updated_at DATETIME
);
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
CREATE UNIQUE INDEX IF NOT EXISTS idx_artifacts_version_filename ON artifacts(version_purl, filename);
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
CREATE INDEX IF NOT EXISTS idx_artifacts_storage_path ON artifacts(storage_path);
CREATE INDEX IF NOT EXISTS idx_artifacts_last_accessed ON artifacts(last_accessed_at);
Add Container, Debian, RPM handlers and enrichment API Adds proxy support for Docker/OCI container registries, Debian/APT repositories, and RPM/Yum repositories. Includes a new enrichment API for package metadata, vulnerability scanning, and outdated detection. Updates the dashboard with Tailwind CSS, dark mode support, and a security overview section showing vulnerability counts.
2026-01-29 19:35:15 +00:00
CREATE TABLE IF NOT EXISTS vulnerabilities (
id INTEGER PRIMARY KEY,
vuln_id TEXT NOT NULL,
ecosystem TEXT NOT NULL,
package_name TEXT NOT NULL,
severity TEXT,
summary TEXT,
fixed_version TEXT,
cvss_score REAL,
"references" TEXT,
fetched_at DATETIME,
created_at DATETIME,
updated_at DATETIME
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_vulns_id_pkg ON vulnerabilities(vuln_id, ecosystem, package_name);
CREATE INDEX IF NOT EXISTS idx_vulns_ecosystem_pkg ON vulnerabilities(ecosystem, package_name);
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
Add mirror command and API for selective package mirroring Add a `proxy mirror` CLI command and `/api/mirror` API endpoints that pre-populate the cache from various input sources: individual PURLs, SBOM files (CycloneDX and SPDX), or full registry enumeration. The mirror reuses the existing handler.Proxy.GetOrFetchArtifact() pipeline so cached artifacts are identical to those fetched on demand. A bounded worker pool controls download parallelism. Metadata caching is opt-in via `cache_metadata: true` in config (or PROXY_CACHE_METADATA=true). The mirror command always enables it. When enabled, upstream metadata responses are stored for offline fallback with ETag-based conditional revalidation. New internal/mirror package with Source interface, PURLSource, SBOMSource, RegistrySource, and async JobStore. New metadata_cache database table for offline metadata serving.
2026-03-19 21:06:02 +00:00
CREATE TABLE IF NOT EXISTS metadata_cache (
id INTEGER PRIMARY KEY,
ecosystem TEXT NOT NULL,
name TEXT NOT NULL,
storage_path TEXT NOT NULL,
etag TEXT,
content_type TEXT,
size INTEGER,
Fix metadata caching, 404 propagation, mirror progress, and registry stubs - ProxyCached now stores upstream Last-Modified in the cache and uses it (along with ETag) for conditional request handling, returning 304 when client validators match. Adds Content-Length to cached responses. - Handlers calling FetchOrCacheMetadata (pypi, composer, pub, nuget) now check for ErrUpstreamNotFound and return 404 instead of 502, matching the existing npm and cargo behavior. - Mirror jobs report live progress via a periodic callback while running, so API polls return real counts instead of zeroed progress. - Registry mirroring removed from CLI flags, API acceptance, README, and docs since every enumerator was a stub returning "not yet implemented". - Added tests for the conditional metadata path (ETag/If-None-Match, Last-Modified/If-Modified-Since, 304 responses, header omission).
2026-04-01 20:14:11 +01:00
last_modified DATETIME,
Add mirror command and API for selective package mirroring Add a `proxy mirror` CLI command and `/api/mirror` API endpoints that pre-populate the cache from various input sources: individual PURLs, SBOM files (CycloneDX and SPDX), or full registry enumeration. The mirror reuses the existing handler.Proxy.GetOrFetchArtifact() pipeline so cached artifacts are identical to those fetched on demand. A bounded worker pool controls download parallelism. Metadata caching is opt-in via `cache_metadata: true` in config (or PROXY_CACHE_METADATA=true). The mirror command always enables it. When enabled, upstream metadata responses are stored for offline fallback with ETag-based conditional revalidation. New internal/mirror package with Source interface, PURLSource, SBOMSource, RegistrySource, and async JobStore. New metadata_cache database table for offline metadata serving.
2026-03-19 21:06:02 +00:00
fetched_at DATETIME,
created_at DATETIME,
updated_at DATETIME
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_metadata_eco_name ON metadata_cache(ecosystem, name);
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
CREATE TABLE IF NOT EXISTS migrations (
name TEXT NOT NULL PRIMARY KEY,
applied_at DATETIME NOT NULL
);
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
`
var schemaPostgres = `
CREATE TABLE IF NOT EXISTS schema_info (
version INTEGER NOT NULL
);
CREATE TABLE IF NOT EXISTS packages (
id SERIAL PRIMARY KEY,
purl TEXT NOT NULL,
ecosystem TEXT NOT NULL,
name TEXT NOT NULL,
latest_version TEXT,
license TEXT,
description TEXT,
homepage TEXT,
repository_url TEXT,
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
registry_url TEXT,
supplier_name TEXT,
supplier_type TEXT,
source TEXT,
enriched_at TIMESTAMP,
vulns_synced_at TIMESTAMP,
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
created_at TIMESTAMP,
updated_at TIMESTAMP
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_packages_purl ON packages(purl);
CREATE INDEX IF NOT EXISTS idx_packages_ecosystem_name ON packages(ecosystem, name);
CREATE TABLE IF NOT EXISTS versions (
id SERIAL PRIMARY KEY,
purl TEXT NOT NULL,
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
package_purl TEXT NOT NULL,
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
license TEXT,
published_at TIMESTAMP,
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
integrity TEXT,
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
yanked BOOLEAN DEFAULT FALSE,
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
source TEXT,
enriched_at TIMESTAMP,
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
created_at TIMESTAMP,
updated_at TIMESTAMP
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_versions_purl ON versions(purl);
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
CREATE INDEX IF NOT EXISTS idx_versions_package_purl ON versions(package_purl);
CREATE TABLE IF NOT EXISTS artifacts (
id SERIAL PRIMARY KEY,
version_purl TEXT NOT NULL,
filename TEXT NOT NULL,
upstream_url TEXT NOT NULL,
storage_path TEXT,
content_hash TEXT,
size BIGINT,
content_type TEXT,
fetched_at TIMESTAMP,
hit_count BIGINT DEFAULT 0,
last_accessed_at TIMESTAMP,
created_at TIMESTAMP,
updated_at TIMESTAMP
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_artifacts_version_filename ON artifacts(version_purl, filename);
CREATE INDEX IF NOT EXISTS idx_artifacts_storage_path ON artifacts(storage_path);
CREATE INDEX IF NOT EXISTS idx_artifacts_last_accessed ON artifacts(last_accessed_at);
Add Container, Debian, RPM handlers and enrichment API Adds proxy support for Docker/OCI container registries, Debian/APT repositories, and RPM/Yum repositories. Includes a new enrichment API for package metadata, vulnerability scanning, and outdated detection. Updates the dashboard with Tailwind CSS, dark mode support, and a security overview section showing vulnerability counts.
2026-01-29 19:35:15 +00:00
CREATE TABLE IF NOT EXISTS vulnerabilities (
id SERIAL PRIMARY KEY,
vuln_id TEXT NOT NULL,
ecosystem TEXT NOT NULL,
package_name TEXT NOT NULL,
severity TEXT,
summary TEXT,
fixed_version TEXT,
cvss_score REAL,
"references" TEXT,
fetched_at TIMESTAMP,
created_at TIMESTAMP,
updated_at TIMESTAMP
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_vulns_id_pkg ON vulnerabilities(vuln_id, ecosystem, package_name);
CREATE INDEX IF NOT EXISTS idx_vulns_ecosystem_pkg ON vulnerabilities(ecosystem, package_name);
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
Add mirror command and API for selective package mirroring Add a `proxy mirror` CLI command and `/api/mirror` API endpoints that pre-populate the cache from various input sources: individual PURLs, SBOM files (CycloneDX and SPDX), or full registry enumeration. The mirror reuses the existing handler.Proxy.GetOrFetchArtifact() pipeline so cached artifacts are identical to those fetched on demand. A bounded worker pool controls download parallelism. Metadata caching is opt-in via `cache_metadata: true` in config (or PROXY_CACHE_METADATA=true). The mirror command always enables it. When enabled, upstream metadata responses are stored for offline fallback with ETag-based conditional revalidation. New internal/mirror package with Source interface, PURLSource, SBOMSource, RegistrySource, and async JobStore. New metadata_cache database table for offline metadata serving.
2026-03-19 21:06:02 +00:00
CREATE TABLE IF NOT EXISTS metadata_cache (
id SERIAL PRIMARY KEY,
ecosystem TEXT NOT NULL,
name TEXT NOT NULL,
storage_path TEXT NOT NULL,
etag TEXT,
content_type TEXT,
size BIGINT,
Fix metadata caching, 404 propagation, mirror progress, and registry stubs - ProxyCached now stores upstream Last-Modified in the cache and uses it (along with ETag) for conditional request handling, returning 304 when client validators match. Adds Content-Length to cached responses. - Handlers calling FetchOrCacheMetadata (pypi, composer, pub, nuget) now check for ErrUpstreamNotFound and return 404 instead of 502, matching the existing npm and cargo behavior. - Mirror jobs report live progress via a periodic callback while running, so API polls return real counts instead of zeroed progress. - Registry mirroring removed from CLI flags, API acceptance, README, and docs since every enumerator was a stub returning "not yet implemented". - Added tests for the conditional metadata path (ETag/If-None-Match, Last-Modified/If-Modified-Since, 304 responses, header omission).
2026-04-01 20:14:11 +01:00
last_modified TIMESTAMP,
Add mirror command and API for selective package mirroring Add a `proxy mirror` CLI command and `/api/mirror` API endpoints that pre-populate the cache from various input sources: individual PURLs, SBOM files (CycloneDX and SPDX), or full registry enumeration. The mirror reuses the existing handler.Proxy.GetOrFetchArtifact() pipeline so cached artifacts are identical to those fetched on demand. A bounded worker pool controls download parallelism. Metadata caching is opt-in via `cache_metadata: true` in config (or PROXY_CACHE_METADATA=true). The mirror command always enables it. When enabled, upstream metadata responses are stored for offline fallback with ETag-based conditional revalidation. New internal/mirror package with Source interface, PURLSource, SBOMSource, RegistrySource, and async JobStore. New metadata_cache database table for offline metadata serving.
2026-03-19 21:06:02 +00:00
fetched_at TIMESTAMP,
created_at TIMESTAMP,
updated_at TIMESTAMP
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_metadata_eco_name ON metadata_cache(ecosystem, name);
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
CREATE TABLE IF NOT EXISTS migrations (
name TEXT NOT NULL PRIMARY KEY,
applied_at TIMESTAMP NOT NULL
);
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
`
// schemaArtifactsOnly contains just the artifacts table for adding to existing git-pkgs databases.
var schemaArtifactsSQLite = `
CREATE TABLE IF NOT EXISTS artifacts (
id INTEGER PRIMARY KEY,
version_purl TEXT NOT NULL,
filename TEXT NOT NULL,
upstream_url TEXT NOT NULL,
storage_path TEXT,
content_hash TEXT,
size INTEGER,
content_type TEXT,
fetched_at DATETIME,
hit_count INTEGER DEFAULT 0,
last_accessed_at DATETIME,
created_at DATETIME,
updated_at DATETIME
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_artifacts_version_filename ON artifacts(version_purl, filename);
CREATE INDEX IF NOT EXISTS idx_artifacts_storage_path ON artifacts(storage_path);
CREATE INDEX IF NOT EXISTS idx_artifacts_last_accessed ON artifacts(last_accessed_at);
`
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
var schemaArtifactsPostgres = `
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
CREATE TABLE IF NOT EXISTS artifacts (
id SERIAL PRIMARY KEY,
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
version_purl TEXT NOT NULL,
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
filename TEXT NOT NULL,
upstream_url TEXT NOT NULL,
storage_path TEXT,
content_hash TEXT,
size BIGINT,
content_type TEXT,
fetched_at TIMESTAMP,
hit_count BIGINT DEFAULT 0,
last_accessed_at TIMESTAMP,
created_at TIMESTAMP,
updated_at TIMESTAMP
);
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
CREATE UNIQUE INDEX IF NOT EXISTS idx_artifacts_version_filename ON artifacts(version_purl, filename);
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
CREATE INDEX IF NOT EXISTS idx_artifacts_storage_path ON artifacts(storage_path);
CREATE INDEX IF NOT EXISTS idx_artifacts_last_accessed ON artifacts(last_accessed_at);
`
Hello world
2026-01-20 21:52:44 +00:00
func (db *DB) CreateSchema() error {
if err := db.OptimizeForBulkWrites(); err != nil {
return err
}
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
var schema string
if db.dialect == DialectPostgres {
schema = schemaPostgres
} else {
schema = schemaSQLite
}
Hello world
2026-01-20 21:52:44 +00:00
if _, err := db.Exec(schema); err != nil {
return fmt.Errorf("executing schema: %w", err)
}
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
query := db.Rebind("INSERT INTO schema_info (version) VALUES (?)")
if _, err := db.Exec(query, SchemaVersion); err != nil {
Hello world
2026-01-20 21:52:44 +00:00
return fmt.Errorf("setting schema version: %w", err)
}
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
// Record all migrations as applied since the full schema is already current.
if err := db.recordAllMigrations(); err != nil {
return fmt.Errorf("recording migrations: %w", err)
}
Hello world
2026-01-20 21:52:44 +00:00
return db.OptimizeForReads()
}
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
// EnsureArtifactsTable adds the artifacts table to an existing database
// (e.g., a git-pkgs database) if it doesn't already exist.
func (db *DB) EnsureArtifactsTable() error {
var schema string
if db.dialect == DialectPostgres {
schema = schemaArtifactsPostgres
} else {
schema = schemaArtifactsSQLite
}
if _, err := db.Exec(schema); err != nil {
return fmt.Errorf("creating artifacts table: %w", err)
}
return nil
}
Hello world
2026-01-20 21:52:44 +00:00
func (db *DB) SchemaVersion() (int, error) {
var version int
Add sqlx with SQLite default and PostgreSQL option Replace raw database/sql with jmoiron/sqlx for cleaner query handling. Support both SQLite (default) and PostgreSQL as configurable backends. Configuration via: - CLI flags: -database-driver, -database-path, -database-url - Environment: PROXY_DATABASE_DRIVER, PROXY_DATABASE_PATH, PROXY_DATABASE_URL - Config file: database.driver, database.path, database.url Tests run against both databases when PROXY_DATABASE_URL is set.
2026-01-29 16:06:56 +00:00
err := db.Get(&version, "SELECT version FROM schema_info LIMIT 1")
Hello world
2026-01-20 21:52:44 +00:00
if err != nil {
return 0, err
}
return version, nil
}
Align database schema with git-pkgs for compatibility The proxy can now use an existing git-pkgs database as a starting point. Packages and versions tables match git-pkgs schema, using PURL-based references instead of integer IDs. The proxy adds its own artifacts table for caching functionality.
2026-01-29 16:44:01 +00:00
// HasTable checks if a table exists in the database.
func (db *DB) HasTable(name string) (bool, error) {
var exists bool
var query string
if db.dialect == DialectPostgres {
query = "SELECT EXISTS (SELECT FROM information_schema.tables WHERE table_name = $1)"
} else {
query = "SELECT EXISTS (SELECT 1 FROM sqlite_master WHERE type='table' AND name=?)"
}
err := db.Get(&exists, query, name)
return exists, err
}
Refactoring and features
2026-02-03 22:40:23 +00:00
// HasColumn checks if a column exists in a table.
func (db *DB) HasColumn(table, column string) (bool, error) {
var exists bool
var query string
if db.dialect == DialectPostgres {
query = "SELECT EXISTS (SELECT FROM information_schema.columns WHERE table_name = $1 AND column_name = $2)"
} else {
// For SQLite, check table_info
query = "SELECT COUNT(*) > 0 FROM pragma_table_info(?) WHERE name = ?"
}
err := db.Get(&exists, query, table, column)
return exists, err
}
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
// migration represents a named schema migration.
type migration struct {
name string
fn func(db *DB) error
}
// migrations is the ordered list of all schema migrations. See
// docs/migrations.md for how to add new ones.
var migrations = []migration{
{"001_add_packages_enrichment_columns", migrateAddPackagesEnrichmentColumns},
{"002_add_versions_enrichment_columns", migrateAddVersionsEnrichmentColumns},
{"003_ensure_artifacts_table", migrateEnsureArtifactsTable},
{"004_ensure_vulnerabilities_table", migrateEnsureVulnerabilitiesTable},
Add mirror command and API for selective package mirroring Add a `proxy mirror` CLI command and `/api/mirror` API endpoints that pre-populate the cache from various input sources: individual PURLs, SBOM files (CycloneDX and SPDX), or full registry enumeration. The mirror reuses the existing handler.Proxy.GetOrFetchArtifact() pipeline so cached artifacts are identical to those fetched on demand. A bounded worker pool controls download parallelism. Metadata caching is opt-in via `cache_metadata: true` in config (or PROXY_CACHE_METADATA=true). The mirror command always enables it. When enabled, upstream metadata responses are stored for offline fallback with ETag-based conditional revalidation. New internal/mirror package with Source interface, PURLSource, SBOMSource, RegistrySource, and async JobStore. New metadata_cache database table for offline metadata serving.
2026-03-19 21:06:02 +00:00
{"005_ensure_metadata_cache_table", migrateEnsureMetadataCacheTable},
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
}
// isTableNotFound returns true if the error indicates a missing table.
// SQLite returns "no such table: X", Postgres returns "relation \"X\" does not exist".
func isTableNotFound(err error) bool {
msg := err.Error()
return strings.Contains(msg, "no such table") ||
strings.Contains(msg, "does not exist")
}
// createMigrationsTable creates the migrations table.
func (db *DB) createMigrationsTable() error {
var ts string
if db.dialect == DialectPostgres {
ts = "TIMESTAMP"
} else {
ts = "DATETIME"
}
query := fmt.Sprintf(`CREATE TABLE IF NOT EXISTS migrations (
name TEXT NOT NULL PRIMARY KEY,
applied_at %s NOT NULL
)`, ts)
if _, err := db.Exec(query); err != nil {
return fmt.Errorf("creating migrations table: %w", err)
}
return nil
}
// appliedMigrations returns the set of migration names that have been recorded.
// Returns nil if the migrations table does not exist yet.
func (db *DB) appliedMigrations() (map[string]bool, error) {
var names []string
err := db.Select(&names, "SELECT name FROM migrations")
if err != nil {
// Table doesn't exist yet — this is a pre-migration database.
if isTableNotFound(err) {
return nil, nil
}
return nil, fmt.Errorf("loading applied migrations: %w", err)
}
applied := make(map[string]bool, len(names))
for _, name := range names {
applied[name] = true
}
return applied, nil
}
// recordMigration inserts a migration name into the migrations table.
func (db *DB) recordMigration(name string) error {
query := db.Rebind("INSERT INTO migrations (name, applied_at) VALUES (?, ?)")
if _, err := db.Exec(query, name, time.Now().UTC()); err != nil {
return fmt.Errorf("recording migration %s: %w", name, err)
}
return nil
}
// recordAllMigrations marks every known migration as applied.
func (db *DB) recordAllMigrations() error {
for _, m := range migrations {
if err := db.recordMigration(m.name); err != nil {
return err
}
}
return nil
}
// MigrateSchema applies any unapplied migrations in order.
// For a fully migrated database this executes a single SELECT query.
Refactoring and features
2026-02-03 22:40:23 +00:00
func (db *DB) MigrateSchema() error {
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
applied, err := db.appliedMigrations()
if err != nil {
return err
}
// If the migrations table didn't exist, create it now.
if applied == nil {
if err := db.createMigrationsTable(); err != nil {
return err
}
applied = make(map[string]bool)
}
for _, m := range migrations {
if applied[m.name] {
continue
}
if err := m.fn(db); err != nil {
return fmt.Errorf("migration %s: %w", m.name, err)
}
if err := db.recordMigration(m.name); err != nil {
return err
}
}
return nil
}
func migrateAddPackagesEnrichmentColumns(db *DB) error {
columns := map[string]string{
"registry_url": "TEXT",
"supplier_name": "TEXT",
"supplier_type": "TEXT",
"source": "TEXT",
"enriched_at": "DATETIME",
"vulns_synced_at": "DATETIME",
Refactoring and features
2026-02-03 22:40:23 +00:00
}
if db.dialect == DialectPostgres {
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
columns["enriched_at"] = postgresTimestamp
columns["vulns_synced_at"] = postgresTimestamp
Refactoring and features
2026-02-03 22:40:23 +00:00
}
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
for column, colType := range columns {
Refactoring and features
2026-02-03 22:40:23 +00:00
hasCol, err := db.HasColumn("packages", column)
if err != nil {
return fmt.Errorf("checking column %s: %w", column, err)
}
if !hasCol {
Fix all golangci-lint issues across the codebase (#32) * Fix all golangci-lint issues across the codebase Resolve 77 lint issues reported by golangci-lint with gocritic, gocognit, gocyclo, maintidx, dupl, mnd, unparam, ireturn, goconst, and errcheck enabled. Net reduction of ~175 lines through shared helpers and deduplication. * Suppress staticcheck SA1019 for intentional deprecated field usage The Storage.Path field is deprecated but still read for backwards compatibility with existing configs that haven't migrated to the URL field.
2026-03-18 10:59:29 +00:00
alterQuery := fmt.Sprintf("ALTER TABLE packages ADD COLUMN %s %s", column, colType)
Refactoring and features
2026-02-03 22:40:23 +00:00
if _, err := db.Exec(alterQuery); err != nil {
return fmt.Errorf("adding column %s to packages: %w", column, err)
}
}
}
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
return nil
}
Refactoring and features
2026-02-03 22:40:23 +00:00
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
func migrateAddVersionsEnrichmentColumns(db *DB) error {
columns := map[string]string{
Refactoring and features
2026-02-03 22:40:23 +00:00
"integrity": "TEXT",
"yanked": "INTEGER DEFAULT 0",
"source": "TEXT",
"enriched_at": "DATETIME",
}
if db.dialect == DialectPostgres {
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
columns["yanked"] = "BOOLEAN DEFAULT FALSE"
columns["enriched_at"] = postgresTimestamp
Refactoring and features
2026-02-03 22:40:23 +00:00
}
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
for column, colType := range columns {
Refactoring and features
2026-02-03 22:40:23 +00:00
hasCol, err := db.HasColumn("versions", column)
if err != nil {
return fmt.Errorf("checking column %s: %w", column, err)
}
if !hasCol {
Fix all golangci-lint issues across the codebase (#32) * Fix all golangci-lint issues across the codebase Resolve 77 lint issues reported by golangci-lint with gocritic, gocognit, gocyclo, maintidx, dupl, mnd, unparam, ireturn, goconst, and errcheck enabled. Net reduction of ~175 lines through shared helpers and deduplication. * Suppress staticcheck SA1019 for intentional deprecated field usage The Storage.Path field is deprecated but still read for backwards compatibility with existing configs that haven't migrated to the URL field.
2026-03-18 10:59:29 +00:00
alterQuery := fmt.Sprintf("ALTER TABLE versions ADD COLUMN %s %s", column, colType)
Refactoring and features
2026-02-03 22:40:23 +00:00
if _, err := db.Exec(alterQuery); err != nil {
return fmt.Errorf("adding column %s to versions: %w", column, err)
}
}
}
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
return nil
}
Refactoring and features
2026-02-03 22:40:23 +00:00
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
func migrateEnsureArtifactsTable(db *DB) error {
return db.EnsureArtifactsTable()
}
Refactoring and features
2026-02-03 22:40:23 +00:00
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
func migrateEnsureVulnerabilitiesTable(db *DB) error {
Refactoring and features
2026-02-03 22:40:23 +00:00
hasVulns, err := db.HasTable("vulnerabilities")
if err != nil {
return fmt.Errorf("checking vulnerabilities table: %w", err)
}
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
if hasVulns {
return nil
Refactoring and features
2026-02-03 22:40:23 +00:00
}
Track applied migrations to skip column checks on startup (#60) * Track applied migrations to skip column checks on startup Add a migrations table that records which migrations have been applied. On boot, load the set of applied names in one query and only run new ones. A fully migrated database now does 1 query instead of ~12 HasColumn/HasTable checks. Fresh databases created via CreateSchema record all migrations as already applied. Old databases get the migrations table on first MigrateSchema call and each migration is recorded after it runs. Closes #54 * Add benchmark for MigrateSchema on fully migrated database * Optimize MigrateSchema to single query for fully migrated databases Skip HasTable/HasColumn checks when the migrations table already exists. A fully migrated database now does one SELECT instead of ~12 individual column and table checks. * Add migration docs and link from architecture * Add test for upgrade from fully migrated database without migrations table
2026-04-06 13:06:45 +01:00
var vulnSchema string
if db.dialect == DialectPostgres {
vulnSchema = `
CREATE TABLE vulnerabilities (
id SERIAL PRIMARY KEY,
vuln_id TEXT NOT NULL,
ecosystem TEXT NOT NULL,
package_name TEXT NOT NULL,
severity TEXT,
summary TEXT,
fixed_version TEXT,
cvss_score REAL,
"references" TEXT,
fetched_at TIMESTAMP,
created_at TIMESTAMP,
updated_at TIMESTAMP
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_vulns_id_pkg ON vulnerabilities(vuln_id, ecosystem, package_name);
CREATE INDEX IF NOT EXISTS idx_vulns_ecosystem_pkg ON vulnerabilities(ecosystem, package_name);
`
} else {
vulnSchema = `
CREATE TABLE vulnerabilities (
id INTEGER PRIMARY KEY,
vuln_id TEXT NOT NULL,
ecosystem TEXT NOT NULL,
package_name TEXT NOT NULL,
severity TEXT,
summary TEXT,
fixed_version TEXT,
cvss_score REAL,
"references" TEXT,
fetched_at DATETIME,
created_at DATETIME,
updated_at DATETIME
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_vulns_id_pkg ON vulnerabilities(vuln_id, ecosystem, package_name);
CREATE INDEX IF NOT EXISTS idx_vulns_ecosystem_pkg ON vulnerabilities(ecosystem, package_name);
`
}
if _, err := db.Exec(vulnSchema); err != nil {
return fmt.Errorf("creating vulnerabilities table: %w", err)
}
Add mirror command and API for selective package mirroring Add a `proxy mirror` CLI command and `/api/mirror` API endpoints that pre-populate the cache from various input sources: individual PURLs, SBOM files (CycloneDX and SPDX), or full registry enumeration. The mirror reuses the existing handler.Proxy.GetOrFetchArtifact() pipeline so cached artifacts are identical to those fetched on demand. A bounded worker pool controls download parallelism. Metadata caching is opt-in via `cache_metadata: true` in config (or PROXY_CACHE_METADATA=true). The mirror command always enables it. When enabled, upstream metadata responses are stored for offline fallback with ETag-based conditional revalidation. New internal/mirror package with Source interface, PURLSource, SBOMSource, RegistrySource, and async JobStore. New metadata_cache database table for offline metadata serving.
2026-03-19 21:06:02 +00:00
return nil
}
func migrateEnsureMetadataCacheTable(db *DB) error {
return db.EnsureMetadataCacheTable()
}
// EnsureMetadataCacheTable creates the metadata_cache table if it doesn't exist.
func (db *DB) EnsureMetadataCacheTable() error {
has, err := db.HasTable("metadata_cache")
if err != nil {
return fmt.Errorf("checking metadata_cache table: %w", err)
}
if has {
return nil
}
var schema string
if db.dialect == DialectPostgres {
schema = `
CREATE TABLE metadata_cache (
id SERIAL PRIMARY KEY,
ecosystem TEXT NOT NULL,
name TEXT NOT NULL,
storage_path TEXT NOT NULL,
etag TEXT,
content_type TEXT,
size BIGINT,
Fix metadata caching, 404 propagation, mirror progress, and registry stubs - ProxyCached now stores upstream Last-Modified in the cache and uses it (along with ETag) for conditional request handling, returning 304 when client validators match. Adds Content-Length to cached responses. - Handlers calling FetchOrCacheMetadata (pypi, composer, pub, nuget) now check for ErrUpstreamNotFound and return 404 instead of 502, matching the existing npm and cargo behavior. - Mirror jobs report live progress via a periodic callback while running, so API polls return real counts instead of zeroed progress. - Registry mirroring removed from CLI flags, API acceptance, README, and docs since every enumerator was a stub returning "not yet implemented". - Added tests for the conditional metadata path (ETag/If-None-Match, Last-Modified/If-Modified-Since, 304 responses, header omission).
2026-04-01 20:14:11 +01:00
last_modified TIMESTAMP,
Add mirror command and API for selective package mirroring Add a `proxy mirror` CLI command and `/api/mirror` API endpoints that pre-populate the cache from various input sources: individual PURLs, SBOM files (CycloneDX and SPDX), or full registry enumeration. The mirror reuses the existing handler.Proxy.GetOrFetchArtifact() pipeline so cached artifacts are identical to those fetched on demand. A bounded worker pool controls download parallelism. Metadata caching is opt-in via `cache_metadata: true` in config (or PROXY_CACHE_METADATA=true). The mirror command always enables it. When enabled, upstream metadata responses are stored for offline fallback with ETag-based conditional revalidation. New internal/mirror package with Source interface, PURLSource, SBOMSource, RegistrySource, and async JobStore. New metadata_cache database table for offline metadata serving.
2026-03-19 21:06:02 +00:00
fetched_at TIMESTAMP,
created_at TIMESTAMP,
updated_at TIMESTAMP
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_metadata_eco_name ON metadata_cache(ecosystem, name);
`
} else {
schema = `
CREATE TABLE metadata_cache (
id INTEGER PRIMARY KEY,
ecosystem TEXT NOT NULL,
name TEXT NOT NULL,
storage_path TEXT NOT NULL,
etag TEXT,
content_type TEXT,
size INTEGER,
Fix metadata caching, 404 propagation, mirror progress, and registry stubs - ProxyCached now stores upstream Last-Modified in the cache and uses it (along with ETag) for conditional request handling, returning 304 when client validators match. Adds Content-Length to cached responses. - Handlers calling FetchOrCacheMetadata (pypi, composer, pub, nuget) now check for ErrUpstreamNotFound and return 404 instead of 502, matching the existing npm and cargo behavior. - Mirror jobs report live progress via a periodic callback while running, so API polls return real counts instead of zeroed progress. - Registry mirroring removed from CLI flags, API acceptance, README, and docs since every enumerator was a stub returning "not yet implemented". - Added tests for the conditional metadata path (ETag/If-None-Match, Last-Modified/If-Modified-Since, 304 responses, header omission).
2026-04-01 20:14:11 +01:00
last_modified DATETIME,
Add mirror command and API for selective package mirroring Add a `proxy mirror` CLI command and `/api/mirror` API endpoints that pre-populate the cache from various input sources: individual PURLs, SBOM files (CycloneDX and SPDX), or full registry enumeration. The mirror reuses the existing handler.Proxy.GetOrFetchArtifact() pipeline so cached artifacts are identical to those fetched on demand. A bounded worker pool controls download parallelism. Metadata caching is opt-in via `cache_metadata: true` in config (or PROXY_CACHE_METADATA=true). The mirror command always enables it. When enabled, upstream metadata responses are stored for offline fallback with ETag-based conditional revalidation. New internal/mirror package with Source interface, PURLSource, SBOMSource, RegistrySource, and async JobStore. New metadata_cache database table for offline metadata serving.
2026-03-19 21:06:02 +00:00
fetched_at DATETIME,
created_at DATETIME,
updated_at DATETIME
);
CREATE UNIQUE INDEX IF NOT EXISTS idx_metadata_eco_name ON metadata_cache(ecosystem, name);
`
}
if _, err := db.Exec(schema); err != nil {
return fmt.Errorf("creating metadata_cache table: %w", err)
}
Refactoring and features
2026-02-03 22:40:23 +00:00
return nil
}
Copy permalink