fix(dbt): use latest sbom package source names (#2874)

* fix(dbt): add sbom staging model

* refactor(dbt): update sbom/package logic

* chore(docs): update tutorial example

* fix(dbt): add playground sources

* fix(dbt): applies artifact cases at staging model level

Author: ccerv1

apps/docs/docs/tutorials/dependencies.mdx

@@ -210,7 +210,7 @@ select distinct
       sboms.to_package_artifact_name = package_owners.package_artifact_name
       and sboms.to_package_artifact_source = package_owners.package_artifact_source
   where
-    sboms.to_package_artifact_source in ('NPM','RUST','GO','PIP')
+    sboms.to_package_artifact_source in ('NPM','CARGO','GOLANG','PYPI')
     and package_owners.package_owner_artifact_namespace is not null
     and concat(sboms.from_artifact_namespace, '/', sboms.from_artifact_name)
       in ('prysmaticlabs/prysm','sigp/lighthouse','consensys/teku','status-im/nimbus-eth2',
@@ -240,7 +240,7 @@ query = """
         sboms.to_package_artifact_name = package_owners.package_artifact_name
         and sboms.to_package_artifact_source = package_owners.package_artifact_source
     where
-      sboms.to_package_artifact_source in ('NPM','RUST','GO','PIP')
+      sboms.to_package_artifact_source in ('NPM','CARGO','GOLANG','PYPI')
       and package_owners.package_owner_artifact_namespace is not null
       and concat(sboms.from_artifact_namespace, '/', sboms.from_artifact_name)
         in ('prysmaticlabs/prysm','sigp/lighthouse','consensys/teku','status-im/nimbus-eth2',

warehouse/dbt/models/base_playground_sources.yml

@@ -1,3 +1,5 @@
+version: 2
+
 sources:
   - name: base_playground
 
@@ -95,6 +97,9 @@ sources:
 
       - name: ossd_collections
         identifier: base_playground__ossd_collections
-      
+
       - name: ossd_repositories
-        identifier: base_playground__ossd_repositories
+        identifier: base_playground__ossd_repositories
+
+      - name: ossd_sbom
+        identifier: base_playground__ossd_sbom

warehouse/dbt/models/intermediate/directory/int_packages.sql

@@ -27,19 +27,10 @@ select
   deps_dev.package_version,
   deps_dev.package_github_owner,
   deps_dev.package_github_repo,
-  case
-    when deps_dev.package_artifact_source = 'CARGO' then 'RUST'
-    when deps_dev.package_artifact_source = 'NPM' then 'NPM'
-    when deps_dev.package_artifact_source = 'PYPI' then 'PIP'
-    when deps_dev.package_artifact_source = 'GO' then 'GO'
-    when deps_dev.package_artifact_source = 'MAVEN' then 'MAVEN'
-    when deps_dev.package_artifact_source = 'NUGET' then 'NUGET'
-    else 'UNKNOWN'
-  end as sbom_artifact_source,
   (
     deps_dev.package_github_owner = latest_versions.current_owner
-    and deps_dev.package_github_repo = latest_versions.current_repo)
-    as is_current_owner
+    and deps_dev.package_github_repo = latest_versions.current_repo
+  ) as is_current_owner
 from deps_dev
 left join latest_versions
   on

warehouse/dbt/models/intermediate/directory/int_sbom_artifacts.sql

@@ -1,26 +1,4 @@
-with ranked_snapshots as (
-  select
-    artifact_source,
-    package_source,
-    package_version,
-    snapshot_at,
-    lower(artifact_namespace) as artifact_namespace,
-    lower(artifact_name) as artifact_name,
-    lower(package) as package,
-    row_number() over (
-      partition by
-        artifact_source,
-        artifact_namespace,
-        artifact_name,
-        package_source,
-        package,
-        package_version
-      order by snapshot_at asc
-    ) as row_num
-  from {{ source('ossd', 'sbom') }}
-),
-
-sbom_artifacts as (
+with sbom_artifacts as (
   select
     artifact_source,
     artifact_namespace,
@@ -29,13 +7,24 @@ sbom_artifacts as (
     package,
     package_version,
     snapshot_at
-  from ranked_snapshots
-  where row_num = 1
+  from {{ ref('stg_ossd__current_sbom') }}
+  where package_source in (
+    'CARGO',
+    'GOLANG',
+    'NPM',
+    'PYPI'
+  )
 ),
 
 deps_dev_packages as (
   select distinct
-    sbom_artifact_source,
+    case
+      when package_artifact_source = 'CARGO' then 'CARGO'
+      when package_artifact_source = 'GO' then 'GOLANG'      
+      when package_artifact_source = 'NPM' then 'NPM'
+      when package_artifact_source = 'PYPI' then 'PYPI'
+      else 'OTHER'
+    end as sbom_artifact_source,
     package_artifact_name,
     package_github_owner,
     package_github_repo

warehouse/dbt/models/playground_sources.yml

@@ -97,4 +97,7 @@ sources:
         identifier: base_playground__ossd_collections
 
       - name: ossd_repositories
-        identifier: base_playground__ossd_repositories
+        identifier: base_playground__ossd_repositories
+
+      - name: ossd_sbom
+        identifier: base_playground__ossd_sbom

warehouse/dbt/models/staging/oss-directory/stg_ossd__current_sbom.sql

@@ -0,0 +1,38 @@
+{{
+  config(
+    materialized='table'
+  )
+}}
+
+{# 
+  The most recent view of sboms from the ossd dagster source.
+#}
+
+with ranked_sboms as (
+  select
+    snapshot_at,
+    lower(artifact_namespace) as artifact_namespace,
+    lower(artifact_name) as artifact_name,
+    upper(artifact_source) as artifact_source,
+    lower(package) as package,
+    upper(package_source) as package_source,
+    lower(package_version) as package_version,
+    row_number()
+      over (
+        partition by artifact_namespace, artifact_name, artifact_source, package, package_source
+        order by snapshot_at desc
+      )
+      as row_num
+  from {{ oso_source('ossd', 'sbom') }}
+)
+
+select
+  artifact_namespace,
+  artifact_name,
+  artifact_source,
+  package,
+  package_source,
+  package_version,
+  snapshot_at
+from ranked_sboms
+where row_num = 1