Skip to content

Commit a876005

Browse files
isoosisoos
committed
Trigger cache invalidation and API export after an advisory affects a package.
1 parent fe2dee1 commit a876005

File tree

2 files changed

+36
-9
lines changed

2 files changed

+36
-9
lines changed

app/lib/service/security_advisories/backend.dart

Lines changed: 36 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@ import 'package:clock/clock.dart';
1212
import 'package:collection/collection.dart';
1313
import 'package:gcloud/service_scope.dart' as ss;
1414
import 'package:logging/logging.dart';
15+
import 'package:pub_dev/package/backend.dart';
1516
import 'package:pub_dev/service/entrypoint/analyzer.dart';
1617
import 'package:pub_dev/service/security_advisories/models.dart';
1718
import 'package:pub_dev/shared/datastore.dart';
@@ -96,7 +97,8 @@ class SecurityAdvisoryBackend {
9697
OSV osv,
9798
DateTime syncTime,
9899
) async {
99-
return await withRetryTransaction(_db, (tx) async {
100+
final updatedPackages = <String>{};
101+
final result = await withRetryTransaction(_db, (tx) async {
100102
DateTime modified;
101103
try {
102104
modified = DateTime.parse(osv.modified);
@@ -150,7 +152,11 @@ class SecurityAdvisoryBackend {
150152
);
151153
} else {
152154
final packages = await _lookupAffectedPackages(newAdvisory, tx);
153-
packages.forEach((pkg) => pkg.latestAdvisory = syncTime);
155+
for (final pkg in packages) {
156+
pkg.latestAdvisory = syncTime;
157+
pkg.updated = clock.now().toUtc();
158+
updatedPackages.add(pkg.name!);
159+
}
154160
tx.queueMutations(
155161
// This is an upsert
156162
inserts: [newAdvisory, ...packages],
@@ -159,6 +165,16 @@ class SecurityAdvisoryBackend {
159165

160166
return newAdvisory;
161167
});
168+
await Future.wait(
169+
updatedPackages.map(
170+
(packageName) => triggerPackagePostUpdates(
171+
packageName,
172+
skipReanalysis: true,
173+
skipVersionsExport: true,
174+
).future,
175+
),
176+
);
177+
return result;
162178
}
163179

164180
String _computeDisplayUrl(List<String> idAndAliases) {
@@ -181,7 +197,8 @@ class SecurityAdvisoryBackend {
181197
SecurityAdvisory advisory,
182198
DateTime syncTime,
183199
) async {
184-
return await withRetryTransaction(_db, (tx) async {
200+
final updatedPackages = <String>{};
201+
final result = await withRetryTransaction(_db, (tx) async {
185202
final key = _db.emptyKey.append(SecurityAdvisory, id: advisory.id);
186203

187204
if (advisory.affectedPackages!.length > 50) {
@@ -200,10 +217,24 @@ class SecurityAdvisoryBackend {
200217
tx.queueMutations(deletes: [key]);
201218
} else {
202219
final packages = await _lookupAffectedPackages(advisory, tx);
203-
packages.forEach((pkg) => pkg.latestAdvisory = syncTime);
220+
for (final pkg in packages) {
221+
pkg.latestAdvisory = syncTime;
222+
pkg.updated = clock.now().toUtc();
223+
updatedPackages.add(pkg.name!);
224+
}
204225
tx.queueMutations(inserts: packages, deletes: [key]);
205226
}
206227
});
228+
await Future.wait(
229+
updatedPackages.map(
230+
(packageName) => triggerPackagePostUpdates(
231+
packageName,
232+
skipReanalysis: true,
233+
skipVersionsExport: true,
234+
).future,
235+
),
236+
);
237+
return result;
207238
}
208239

209240
Future<List<Package>> _lookupAffectedPackages(
@@ -212,8 +243,7 @@ class SecurityAdvisoryBackend {
212243
) async {
213244
final packages = <Package>[];
214245
for (final packageName in advisory.affectedPackages!) {
215-
final packageKey = _db.emptyKey.append(Package, id: packageName);
216-
final package = await tx.lookupOrNull<Package>(packageKey);
246+
final package = await tx.packages.lookupOrNull(packageName);
217247
if (package == null) {
218248
_logger.shout(
219249
'Package $packageName not found, while ingesting advisory '

app/test/service/security_advisory/security_advisory_test.dart

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -506,9 +506,6 @@ void main() {
506506
expect(oxygenPkg!.latestAdvisory, syncTime);
507507
expect(neonPkg!.latestAdvisory, isNull);
508508

509-
// TODO(https://github.com/dart-lang/pub-dev/issues/9056): consider purging the package cache in `ingestSecurityAdvisory`.
510-
await purgePackageCache('oxygen');
511-
512509
final client = await createFakeAuthPubApiClient(
513510
email: adminAtPubDevEmail,
514511
);

0 commit comments

Comments
 (0)