BUG: declared license only missing for some versions of a package #1177

@elrayle

Description

For some packages, many of the versions will have a license declared, but other versions of the package do not.

Expected

The summary definition for go/golang/github.com%2fsap/jenkins-library/v1.231.0 should have a declared license Apache-2.0.

Actual

The summary definition for go/golang/github.com%2fsap/jenkins-library/v1.231.0 does not have a declared license.

Observations

For the specific example provided:

  • Many of the versions do have the license declared as Apache-2.0. (e.g. go/golang/github.com%2fsap/jenkins-library/v1.230.0)
  • More than one version does not have a declared license.
  • It does not appear to be related to a license change.

Potential Approach

Information needed:

  • identify which packages have licenses for some versions, but not others
  • determine how many coordinates are impacted
  • determine if the license is declared in the tool output

May be able to use DB queries for the first two, but it will be slow. Can spot check the production blob container to determine if the license is present in tool results.

Actual approach needs to take scale of the problem into account.

  • if the license is in tool results, force a re-generation of the definition for each coordinate
  • if the license is not in the tool results, force a re-harvest of the coordinates

May be able to piggyback on the data factory being built to identify coordinates where a production-definition blob exists, but the database entry is completely missing.

Other approaches should be considered.

Related Work
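
A sketch of the triage described under "Potential Approach", added here as an example and not part of the issue or the project's code: it groups definitions by package, finds versions with no declared license where sibling versions have one, and picks re-generation or re-harvest from whether the tool output carried a license. The record shape, the `tool_license` field name, and all sample coordinates are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed records, not real ClearlyDefined data. "declared" stands for the
# definition's declared license; "tool_license" (assumed name) is whatever
# license the harvested tool output reported, or None if it reported nothing.
SAMPLE = [
    {"coordinates": "go/golang/github.com%2fexample/lib/v1.0.0", "declared": "Apache-2.0", "tool_license": "Apache-2.0"},
    {"coordinates": "go/golang/github.com%2fexample/lib/v1.1.0", "declared": None, "tool_license": "Apache-2.0"},
    {"coordinates": "go/golang/github.com%2fexample/lib/v1.2.0", "declared": None, "tool_license": None},
    {"coordinates": "npm/npmjs/-/relicensed/1.0.0", "declared": "MIT", "tool_license": "MIT"},
    {"coordinates": "npm/npmjs/-/relicensed/2.0.0", "declared": "Apache-2.0", "tool_license": "Apache-2.0"},
    {"coordinates": "npm/npmjs/-/relicensed/2.1.0", "declared": None, "tool_license": None},
    {"coordinates": "npm/npmjs/-/unlicensed/1.0.0", "declared": None, "tool_license": None},
]


def triage(records):
    """Map each coordinate with a missing declared license to a remediation."""
    by_package = defaultdict(list)
    for rec in records:
        # Coordinates are type/provider/namespace/name/revision; the last
        # segment is the version, everything before it identifies the package.
        package, _, revision = rec["coordinates"].rpartition("/")
        by_package[package].append((revision, rec))

    plan = {}
    for package, versions in by_package.items():
        declared = sorted({rec["declared"] for _, rec in versions if rec["declared"]})
        missing = [(rev, rec) for rev, rec in versions if not rec["declared"]]
        if not declared or not missing:
            continue  # fully declared or fully undeclared: not this bug's pattern
        for revision, rec in missing:
            plan[f"{package}/{revision}"] = {
                # License present in tool output: only the definition is stale.
                "action": "regenerate-definition" if rec["tool_license"] else "re-harvest",
                "sibling_licenses": declared,
                # Several licenses among siblings: possible license change, so
                # do not assume which one the gap version should carry.
                "license_changed": len(declared) > 1,
            }
    return plan


if __name__ == "__main__":
    for coordinate, entry in triage(SAMPLE).items():
        print(coordinate, entry)
```

The length of the returned plan gives the count of impacted coordinates, and entries flagged `license_changed` are the ones to check by hand before assuming the gap is a data problem.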
