ecluse:ecluse-core
Safe HaskellNone
LanguageGHC2021

Ecluse.Core.Osv.Schema

Description

The compiled advisory artifact's schema contract.

Écluse Pilot compiles OSV advisory data into a read-only SQLite artifact (osv.db) and publishes it to object storage; the proxy downloads it and queries it locally on the request path. This module is the one place the writer and the reader agree on what that artifact looks like: the table-schema epoch that names and stamps it, and the keys of its meta table.

The artifact is immutable and rebuilt from scratch on every compilation, so there are no migrations, only a read-compatibility contract between whoever wrote a file and whoever reads it. The epoch expresses exactly that contract: it moves only when the shape of the data breaks, so the key stays findable and the stamp stays checkable across releases of either side.

Synopsis

The table-schema epoch

osvSchemaEpoch :: Int Source #

The table-schema epoch: the version of the artifact's shape, shared by the Pilot writer and the proxy reader.

Bump it only for a breaking change to the existing shape (a column rename, a semantic change, a key change). Additive changes (a new column, a new table) must not bump it: readers select explicit columns, so additions are invisible to them. A column exists exactly when the build populates it, so a reader learns what data an artifact offers from the schema itself.

The epoch names the published artifact (osvDbFileName) and is stamped into it as SQLite's user_version; a reader must reject an artifact whose stamp does not match its own compiled-in epoch and keep its last known-good database.

osvDbFileName :: Text -> FilePath Source #

The artifact's file name, and object-storage key, for an ecosystem.

The key is stable per ecosystem, so a reader can poll one known key by ETag, and embeds only the epoch, so the key changes exactly when a reader could no longer use the file.

>>> osvDbFileName "npm"
"npm-osv-schema1.db"

The meta table

data MetaKey Source #

A key of the artifact's meta table (one TEXT key/value row per key).

The table carries the artifact's provenance: which build produced it, from what source, and when.

Constructors

MetaPilotVersion

The Pilot application version that produced the artifact.

MetaEcosystem

The ecosystem the artifact was compiled for (e.g. npm).

MetaBuiltAt

When the compilation finished, as an ISO-8601 UTC timestamp.

MetaSourceUrl

The advisory-dump URL the artifact was compiled from.

MetaRowCount

The number of advisory ranges the artifact holds.

Instances

Instances details
Bounded MetaKey Source # 
Instance details

Defined in Ecluse.Core.Osv.Schema

Enum MetaKey Source # 
Instance details

Defined in Ecluse.Core.Osv.Schema

Show MetaKey Source # 
Instance details

Defined in Ecluse.Core.Osv.Schema

Eq MetaKey Source # 
Instance details

Defined in Ecluse.Core.Osv.Schema

Methods

(==) :: MetaKey -> MetaKey -> Bool #

(/=) :: MetaKey -> MetaKey -> Bool #

renderMetaKey :: MetaKey -> Text Source #

The key's stored form in the meta table.