Schemas

Dependency Management Data produces various types of data into the underlying SQLite database.

Below you can find the schemas in the database.

internal/datasources/awselasticache/db/schema.sql

CREATE TABLE IF NOT EXISTS aws_elasticache_datastores (
  account_id TEXT NOT NULL,
  region TEXT NOT NULL,
  arn TEXT NOT NULL,
  name TEXT NOT NULL,
  engine TEXT NOT NULL,
  engine_version TEXT NOT NULL,

  -- tags is a JSON object
  tags TEXT NOT NULL,

  UNIQUE (account_id, region, arn) ON CONFLICT REPLACE
);

CREATE TABLE IF NOT EXISTS aws_elasticache_datastore_engines (
  engine TEXT NOT NULL,
  engine_version TEXT NOT NULL,
  deprecation TEXT NOT NULL,

  UNIQUE (engine, engine_version) ON CONFLICT REPLACE
);

internal/datasources/awslambda/db/schema.sql

CREATE TABLE IF NOT EXISTS aws_lambda_functions (
  account_id TEXT NOT NULL,
  region TEXT NOT NULL,
  arn TEXT NOT NULL,
  name TEXT NOT NULL,
  runtime TEXT NOT NULL,
  last_modified TEXT,

  -- tags is a JSON object
  tags TEXT NOT NULL,

  UNIQUE (account_id, region, arn) ON CONFLICT REPLACE
);

CREATE TABLE IF NOT EXISTS aws_lambda_function_runtimes (
  runtime TEXT NOT NULL,
	-- deprecation marks the "Phase 1" deprecations as noted in https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html:
	-- > Phase 1 - Lambda no longer applies security patches or other updates to
	-- > the runtime. You can no longer **create** functions that use the runtime, but
	-- > you can continue to update existing functions. This includes updating the
	-- > runtime version, and rolling back to the previous runtime version. Note
	-- > that functions that use a deprecated runtime are no longer eligible for
	-- > technical support
	deprecation TEXT,
  -- end_of_life marks the "Phase 2" deprecations as noted in https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html
	-- > Phase 2 - you can no longer **create or update** functions that use the
	-- > runtime. To update a function, you need to migrate it to a supported
	-- > runtime version. After you migrate the function to a supported runtime
	-- > version, you cannot rollback the function to the previous runtime. Phase 2
	-- > starts at least 30 days after the start of Phase 1
  end_of_life TEXT,

  UNIQUE (runtime) ON CONFLICT REPLACE
);

internal/datasources/awsrds/db/schema.sql

CREATE TABLE IF NOT EXISTS aws_rds_databases (
  account_id TEXT NOT NULL,
  region TEXT NOT NULL,
  arn TEXT NOT NULL,
  name TEXT NOT NULL,
  engine TEXT NOT NULL,
  engine_version TEXT NOT NULL,

  -- tags is a JSON object
  tags TEXT NOT NULL,

  UNIQUE (account_id, region, arn) ON CONFLICT REPLACE
);

CREATE TABLE IF NOT EXISTS aws_rds_databases_engines (
  engine TEXT NOT NULL,
  engine_version TEXT NOT NULL,
  deprecation TEXT NOT NULL,

  UNIQUE (engine, engine_version) ON CONFLICT REPLACE
);

internal/datasources/dependabot/db/schema.sql

CREATE TABLE IF NOT EXISTS dependabot (
  platform TEXT NOT NULL,
  organisation TEXT NOT NULL,
  repo TEXT NOT NULL,

  package_name TEXT NOT NULL,
  version TEXT NOT NULL,
  current_version TEXT,

  package_manager TEXT NOT NULL,
  package_file_path TEXT NOT NULL,

  UNIQUE (platform, organisation, repo, package_file_path, package_name, package_manager) ON CONFLICT REPLACE
);

internal/datasources/renovate/db/schema.sql

CREATE TABLE IF NOT EXISTS renovate (
  platform TEXT NOT NULL,
  organisation TEXT NOT NULL,
  repo TEXT NOT NULL,

  package_name TEXT NOT NULL,
  -- this could be a version constraint, such as `<=1.3.4,>=1.3.0`
  version TEXT NOT NULL,
  -- current_version is derived from:
  -- - the `locked_version` or `fixed_version`, if there is a lockfile or some pinning set
  -- - the `current_version` if present, and can be recalculated each time the data is generated
  -- this will give you an exact version number, such as `1.3.4`
  current_version TEXT,

  package_manager TEXT NOT NULL,
  package_file_path TEXT NOT NULL,

  datasource TEXT NOT NULL,
  -- dep_types is a JSON array
  dep_types TEXT NOT NULL,

  UNIQUE (platform, organisation, repo, package_file_path, package_name, package_manager, dep_types) ON CONFLICT REPLACE
);

CREATE TABLE IF NOT EXISTS renovate_updates (
  platform TEXT NOT NULL,
  organisation TEXT NOT NULL,
  repo TEXT NOT NULL,

  package_name TEXT NOT NULL,
  -- this could be a version constraint, such as `<=1.3.4,>=1.3.0`
  version TEXT NOT NULL,
  -- current_version is derived from:
  -- - the `locked_version` or `fixed_version`, if there is a lockfile or some pinning set
  -- - the `current_version` if present, and can be recalculated each time the data is generated
  -- this will give you an exact version number, such as `1.3.4`
  current_version TEXT,

  package_manager TEXT NOT NULL,
  package_file_path TEXT NOT NULL,

  datasource TEXT NOT NULL,

  -- custom for package updates
  new_version TEXT NOT NULL,
  update_type TEXT NOT NULL,

  UNIQUE (platform, organisation, repo, package_file_path, package_name, package_manager, update_type) ON CONFLICT REPLACE
);

internal/depsdev/db/schema.sql

CREATE TABLE IF NOT EXISTS depsdev_cves (
  package_name TEXT NOT NULL,
  version TEXT NOT NULL,

  cve_id TEXT NOT NULL,

  updated_at TEXT NOT NULL,

  UNIQUE (package_name, version, cve_id) ON CONFLICT REPLACE
);

CREATE TABLE IF NOT EXISTS depsdev_licenses (
  package_name TEXT NOT NULL,
  version TEXT NOT NULL,

  license TEXT NOT NULL,

  updated_at TEXT NOT NULL,

  UNIQUE (package_name, version, license) ON CONFLICT REPLACE
);

internal/endoflifedate/db/schema.sql

-- endoflifedate_products contains the underlying data model for EndOfLife.date products + cycles that can be JOINed with the `*_endoflife` tables
CREATE TABLE IF NOT EXISTS endoflifedate_products (
  -- from Product

  product_name TEXT NOT NULL,

  -- from Cycle

  cycle TEXT NOT NULL,

  supported_until TEXT,
  eol_from TEXT,

  inserted_at TEXT NOT NULL,

  UNIQUE (product_name, cycle) ON CONFLICT REPLACE,
  CHECK(product_name <> ''),
  CHECK(cycle <> '')
);

-- renovate_endoflife contains mappings for the `renovate` datasource that can be JOINed with `endoflifedate_products`
CREATE TABLE IF NOT EXISTS renovate_endoflife (
  -- from renovate
  organisation TEXT NOT NULL,
  repo TEXT NOT NULL,

  package_name TEXT NOT NULL,
  version TEXT NOT NULL,

  package_manager TEXT NOT NULL,
  package_file_path TEXT NOT NULL,

  -- from endoflifedate_products
  product_name TEXT NOT NULL,
  cycle TEXT NOT NULL,

  UNIQUE (organisation, repo, package_file_path, package_name, package_manager, version) ON CONFLICT REPLACE
);

-- dependabot_endoflife contains mappings for the `dependabot` datasource that can be JOINed with `endoflifedate_products`
CREATE TABLE IF NOT EXISTS dependabot_endoflife (
  -- from dependabot
  organisation TEXT NOT NULL,
  repo TEXT NOT NULL,

  package_name TEXT NOT NULL,
  version TEXT NOT NULL,

  package_manager TEXT NOT NULL,
  package_file_path TEXT NOT NULL,

  -- from endoflifedate_products
  product_name TEXT NOT NULL,
  cycle TEXT NOT NULL,

  UNIQUE (organisation, repo, package_file_path, package_name, package_manager, version) ON CONFLICT REPLACE
);

internal/osvdev/db/schema.sql

CREATE TABLE IF NOT EXISTS osvdev_cves (
  package_name TEXT NOT NULL,
  version TEXT NOT NULL,

  cve_id TEXT NOT NULL,

  updated_at TEXT NOT NULL,

  UNIQUE (package_name, version, cve_id) ON CONFLICT REPLACE
);

internal/ownership/db/schema.sql

CREATE TABLE IF NOT EXISTS owners (
  platform TEXT NOT NULL,
  organisation TEXT NOT NULL,
  repo TEXT NOT NULL,

  -- free-form information about who the owner is - could be an email address, a team name, Slack channel name, etc
  owner TEXT NOT NULL,
  -- free-form information for additional context, such as a link to a Slack channel, Confluence page, etc
  notes TEXT,

  updated_at TEXT NOT NULL,

  UNIQUE (platform, organisation, repo) ON CONFLICT REPLACE
);