fix D1 bug (#77)

fix: deps in prod needs to avoid upsert due to transactions problem with CloudFlare D1

Co-authored-by: Christopher Langton <[email protected]>

Makefile

@@ -63,16 +63,19 @@ git-demo:
 	git stash pop || true
 
 _purge_data: ## FOR DOCO ONLY
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM Finding;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM Triage;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM GitRepo;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM SARIFInfo;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM SarifResults;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM CycloneDXInfo;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM SPDXInfo;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM IntegrationUsageLog;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM Link;"
-	npx wrangler d1 execute vulnetix --local --command "DELETE FROM Artifact;"
+	npx wrangler d1 execute vulnetix --local --command "DELETE FROM Session;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM GitBranch;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM Dependency;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM SarifResults;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM CycloneDXInfo;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM SPDXInfo;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM SARIFInfo;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM IntegrationUsageLog;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM Triage;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM Finding;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM GitRepo;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM Artifact;"
+    npx wrangler d1 execute vulnetix --local --command "DELETE FROM Link WHERE artifactUuid IS NOT NULL;"
 
 _helpers: ## FOR DOCO ONLY
 	npx wrangler d1 execute vulnetix --local --file ./migrations/0001_init.sql

functions/api/cdx.js

@@ -75,22 +75,32 @@ export async function onRequestPost(context) {
             }
             const dependencies = []
             for (const dep of await parseCycloneDXComponents(cdx, cdxId)) {
-                const info = await data.prisma.Dependency.upsert({
+                const lookup = await data.prisma.Dependency.findUnique({
                     where: {
                         cdx_dep: {
                             cdxId,
                             name: dep.name,
                             version: dep.version,
                         }
-                    },
-                    update: {
-                        license: dep.license,
-                        childOfKey: dep.childOfKey
-                    },
-                    create: { ...dep, cdxId }
+                    }
                 })
-                data.logger(`Dependency ${cdxId}`, info)
-                dependencies.push({ ...dep, cdxId })
+                if (lookup?.key) {
+                    const infoUpd = await data.prisma.Dependency.update({
+                        where: {
+                            key: lookup.key
+                        },
+                        data: {
+                            license: dep.license,
+                            childOfKey: dep.childOfKey
+                        }
+                    })
+                    data.logger(`Update CDX ${cdxId} Dep ${dep.name}`, infoUpd)
+                    dependencies.push({ ...dep, cdxId })
+                } else {
+                    const infoAdd = await data.prisma.Dependency.create({ ...dep, cdxId })
+                    data.logger(`Create CDX ${cdxId} Dep ${dep.name}`, infoAdd)
+                    dependencies.push({ ...dep, cdxId })
+                }
             }
             const cdxStr = JSON.stringify(cdx)
             const artifact = await saveArtifact(data.prisma, env.r2artifacts, cdxStr, artifactUuid, `cyclonedx`)

functions/api/github/repos/[org]/[repo]/spdx.js

@@ -67,22 +67,32 @@ export async function onRequestGet(context) {
         findings = [...findings, ...findingIds]
         const dependencies = []
         for (const dep of await parseSPDXComponents(spdx, spdxId)) {
-            const info = await data.prisma.Dependency.upsert({
+            const lookup = await data.prisma.Dependency.findUnique({
                 where: {
                     spdx_dep: {
                         spdxId,
                         name: dep.name,
                         version: dep.version,
                     }
-                },
-                update: {
-                    license: dep.license,
-                    childOfKey: dep.childOfKey
-                },
-                create: { ...dep, spdxId }
+                }
             })
-            dependencies.push({ ...dep, spdxId })
-            data.logger(`Dependency ${dep.name}@${dep.version}`, info)
+            if (lookup?.key) {
+                const infoUpd = await data.prisma.Dependency.update({
+                    where: {
+                        key: lookup.key
+                    },
+                    data: {
+                        license: dep.license,
+                        childOfKey: dep.childOfKey
+                    }
+                })
+                data.logger(`Update SPDX ${spdxId} Dep ${dep.name}`, infoUpd)
+                dependencies.push({ ...dep, spdxId })
+            } else {
+                const infoAdd = await data.prisma.Dependency.create({ ...dep, spdxId })
+                data.logger(`Create SPDX ${spdxId} Dep ${dep.name}`, infoAdd)
+                dependencies.push({ ...dep, spdxId })
+            }
         }
         spdx.dependencies = dependencies
         files.push({ spdx, errors })

functions/api/spdx.js

@@ -100,22 +100,32 @@ export async function onRequestPost(context) {
             const artifactUuid = originalSpdx?.artifactUuid || artifact?.uuid
             const dependencies = []
             for (const dep of await parseSPDXComponents(spdx, spdxId)) {
-                const info = await data.prisma.Dependency.upsert({
+                const lookup = await data.prisma.Dependency.findUnique({
                     where: {
                         spdx_dep: {
                             spdxId,
                             name: dep.name,
                             version: dep.version,
                         }
-                    },
-                    update: {
-                        license: dep.license,
-                        childOfKey: dep.childOfKey
-                    },
-                    create: { ...dep, spdxId }
+                    }
                 })
-                dependencies.push({ ...dep, spdxId })
-                data.logger(`Dependency ${dep.name}@${dep.version}`, info)
+                if (lookup?.key) {
+                    const infoUpd = await data.prisma.Dependency.update({
+                        where: {
+                            key: lookup.key
+                        },
+                        data: {
+                            license: dep.license,
+                            childOfKey: dep.childOfKey
+                        }
+                    })
+                    data.logger(`Update SPDX ${spdxId} Dep ${dep.name}`, infoUpd)
+                    dependencies.push({ ...dep, spdxId })
+                } else {
+                    const infoAdd = await data.prisma.Dependency.create({ ...dep, spdxId })
+                    data.logger(`Create SPDX ${spdxId} Dep ${dep.name}`, infoAdd)
+                    dependencies.push({ ...dep, spdxId })
+                }
             }
             const spdxData = {
                 spdxId,