feat(import): add SPDX import dry-run mode with impact analysis#3785
Open
ADITYA-CODE-SOURCE wants to merge 1 commit intoeclipse-sw360:mainfrom
Open
feat(import): add SPDX import dry-run mode with impact analysis#3785ADITYA-CODE-SOURCE wants to merge 1 commit intoeclipse-sw360:mainfrom
ADITYA-CODE-SOURCE wants to merge 1 commit intoeclipse-sw360:mainfrom
Conversation
This commit adds a new dry-run mode for SPDX/SBOM imports that allows users to preview the expected impact before data is persisted to the database. Changes: - Add new Thrift structures: SpdxImportDryRunResult, SpdxComponentInfo, and LicenseConflictInfo for structured impact analysis response - Add dryRunImportBom method to ComponentService thrift interface - Implement dry-run logic in SpdxBOMImporter that: - Parses SPDX file without writing to database - Detects new vs existing components - Identifies license conflicts between proposed and existing licenses - Returns detailed impact analysis report - Add handler method in ComponentHandler - Add service method in Sw360ComponentService - Add REST endpoint: POST /components/import/SBOM/dryRun - Add Jackson mixins for new response types The dry-run endpoint returns: - newComponents: components that would be created - existingComponents: components that already exist - licenseConflicts: mismatches between proposed and existing licenses - warnings: any validation issues This feature addresses issue eclipse-sw360#3629 by providing transparency and confidence in SPDX imports before they are executed.
ADITYA-CODE-SOURCE
requested review from
GMishx,
KoukiHama,
ag4ums and
arunazhakesan
as code owners
GMishx
added
needs code review
needs general test
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds a new dry-run mode for SPDX/SBOM imports that allows users to preview the expected impact before data is persisted to the database, addressing issue #3629.
Changes
SpdxImportDryRunResult,SpdxComponentInfo, andLicenseConflictInfofor structured impact analysis responsedryRunImportBommethod to ComponentService thrift interfaceSpdxBOMImporterthat:ComponentHandlerSw360ComponentServicePOST /components/import/SBOM/dryRunImpact Report
The dry-run endpoint returns:
newComponents: components that would be createdexistingComponents: components that already existlicenseConflicts: mismatches between proposed and existing licenseswarnings: any validation issuesThis feature provides transparency and confidence in SPDX imports before they are executed.
Testing
The implementation follows the existing patterns for SBOM import and can be tested by:
/components/import/SBOM/dryRunendpointRelated Issue
Fixes #3629