Feat(Project): New function to make the dependency management of a project with releases more flexible

[hoangnt2]

1. Introduction

This manual aims to introduce the Dependency Network feature. Refer issue: #1538
The dependency network feature is a new function to make the dependency management of a project more flexible by allowing the users to customize the dependency graphs of their projects.
To help the reviewers test and review this new feature more quickly and easily, TSDV makes this manual.

2. How to test?

This feature modifies the GUI of the “Linked Releases And Projects” tab on the “project edits” page.
Now the “Linked Releases” table could show all dependencies of a project (both direct and transitive ones). Users can modify these dependencies as well.

2.1. The changes of GUI

In this section, we will introduce the changes in GUI behaviors. 5 sub-functions are modified or added including

• a. the “Add Release” button to add a direct dependency
• b. the icon button to add a transitive dependency
• c. the icon button to load default dependencies of a release from the component page
• d. the combo box allows the user to modify the version of a dependency
• e. the “Check Dependency Network” button to compare and show the different dependency information which is not consistent with the default one stored on the component page.

a. Modify the “Add Releases” button: This button will add a direct dependency (release) in the dependency graph of this project.

b. A new icon button to add a dependency (release) to another dependency (release) in the dependency graph. Note that this dependency added is seen as the transitive dependency of this project.

c. A new icon button to load the default dependency graph of a dependency (release) by importing the dependency information stored on the component page. Note that this button will load all dependencies (both direct and transitive ones) of the corresponding dependency (release).

d. The combo box allows the user to modify the version of a dependency.

e. The “Check Dependency Network” button will compare and show the different dependency information which is not consistent with the default one stored on the component page by highlighting them. The inconsistency usually happens after users modified the dependency graph or imported an old project.

2.2 Related functions

This section will introduce what is changed because of this new feature.

• The following features related to GUI will be changed. All the information of a project related to these features will be based on the information stored in the dependency graph of this project instead of the one stored on the component page. For example, in the “License clearing” tab, the license information of this project will be shown based on the license information of the dependencies (releases) in the dependency graph.

Projects detail page

• License clearing tab
  Table view
  Tree view
  Export Spreadsheet button (Projects with linked releases)
  Generate License Info button
  Generate Source Code Bundle button
  Add License Info to Release button
• ECC tab
• Administration tab (Clearing details numbers)
• Obligations tab
• Attachment Usages tab
• Vulnerabilities tab

Project view page

• License clearing column of projects table
• Import SBOM
• Export Spreadsheet button (Projects with linked releases)

Projects edit page

• Obligations tab

Components detail page

• Used By Project table

Releases detail page

• Used By Release table

Delete release function (Cannot remove release if it used by project)

Clearing request edit page

• To keep consistent with this new feature, a set of APIs are modified and added as well.

Modified Rest API

• 3.3.2 Get list projects with all detail
• 3.3.13. Get a single project
• 3.3.14. Listing releases
• 3.3.15. Listing releases of multiple projects
• 3.3.16. Listing releases (transitive)
• 3.3.17. Listing releases with ECC
• 3.3.18. Creating a project
• 3.3.19. Creating a duplicate project
• 3.3.20. Update a project
• 3.3.22. Link Releases to the project
• 3.3.23. Patch Releases to the project
• 3.3.24. Download License Info

New Rest API

• 3.3.30. Get project’s dependency network
• 3.3.31. Create a project with a readable format.
• 3.3.32. Update a project with a readable format.
• 3.3.33. Get direct dependencies of a release in project’s dependency network

3. How to review?

This chapter introduces which file is modified to achieve the corresponding function.

3.1. Rest API

Table 1: RestAPI functions

Rest API function	File Path	Function name
3.3.2 Get list projects with all detail	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	getProjectsForUser()
3.3.13. Get a single project	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	getProject()
3.3.14. Listing releases	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	getProjectReleases()
3.3.15. Listing releases of multiple projects	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	getProjectsReleases()
3.3.16. Listing releases (transitive)	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	getProjectReleases()
3.3.17. Listing releases with ECC	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	getECCsOfReleases()
3.3.18. Creating a project	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	createProject()
3.3.19. Creating a duplicate project	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	createDuplicateProject()
3.3.20. Update a project	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	patchProject()
3.3.22. Link Releases to the project	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	linkReleases()
3.3.23. Patch Releases to the project	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	patchReleases()
3.3.24. Download License Info	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	downloadLicenseInfo()
3.3.30. Get project’s dependency network	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	getDependencyNetworkOfProject()
3.3.31. Create a project with a readable format	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	createProjectReadableFormat()
3.3.32. Update a project with a readable format.	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	patchProjectReadableFormat()
3.3.33. Get direct dependencies of a release in project’s dependency network	rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/ProjectController.java	getDependenciesOfReleaseInProject()

3.2. GUI

** Table 2: UI functions **

GUI function	File Path
Project edit page (Linked Releases And Projects tab)	- frontend/sw360-portlet/src/main/resources/META-INF/resources/html/utils/includes/editLinkedReleasesInNetwork.jspf - frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/LinkedReleasesAndProjectsAwarePortlet.java - frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/projects/ProjectPortlet.java
License clearing tab	- frontend/sw360-portlet/src/main/resources/META-INF/resources/html/projects/includes/projects/clearingStatus.jsp - frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/projects/ProjectPortlet.java
- ECC tab - Administration tab (Clearing details numbers) - Obligations tab - Attachment Usages tab - Vulnerabilities tab	frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/components/ComponentPortlet.java
- Components detail page: + Used By Project table	frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/components/ComponentPortlet.java
- Releases detail page: + Used By Project table	frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/components/ComponentPortlet.java
- Clearing request edit page	frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/moderation/ModerationPortlet.java
- Projects edit page (Obligation tab)	frontend/sw360-portlet/src/main/java/org/eclipse/sw360/portal/portlets/projects/ProjectPortlet.java

Reference documents:
PR for Dependency network feature.docx
A New Dependency Management Function for SW360_qiu.pdf

[KoukiHama]

should be configurable in sw360 properties (comments in sw360 telco)

[shi9qiu]

Hi everyone,

Since this Pull Request is so large and difficult to follow up on and review. We plan to separate it into several small PRs. The first PR will include the GUI (a separate tab on the "Projects" page) to manage direct and transitive dependencies for a project. Also, three APIs (create, update and get the information of a project with a dependency network) will be in the first PR.
Also, we will make this feature configurable. If users turn off this feature, all functions will be the same as before.
We are developing the new PR now. We will make the first PR as soon as possible.

Thank you.

[KoukiHama]

#1181

[KoukiHama]

move to #1963