feat: Check new license and alternative license names in OSORI DB

[o-kopysov]

Pull Request

Description

Current PR contains integration with OSORI DB for checking license information based on license SPDX ID, name or alternative name.

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Code cleanup/refactoring
• Documentation update
• This change requires a documentation update
• CI system update
• Test Coverage update

Testing

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration.

Test Configuration:

• Java: v17
• LPVS Release: v1.5.0

Checklist:

• My code follows the style guidelines of this project
• My code meets the required code coverage for lines (90% and above)
• My code meets the required code coverage for branches (80% and above)
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 93.58974% with 5 lines in your changes are missing coverage. Please review.

❗ No coverage uploaded for pull request base (main@ddcc220). Click here to learn what that means.

Files	Patch %	Lines
...main/java/com/lpvs/service/LPVSLicenseService.java	87.80%	1 Missing and 4 partials ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #514   +/-   ##
=======================================
  Coverage        ?   91.34%           
  Complexity      ?      517           
=======================================
  Files           ?       48           
  Lines           ?     1733           
  Branches        ?      209           
=======================================
  Hits            ?     1583           
  Misses          ?       83           
  Partials        ?       67           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[tiokim]

Thank you for opening the PR.
It seems very good to bring OSORI DB, however it's too big to review in a PR.
Can you break it down into the separate PRs?
For example, I think you can make a PR for changing LPVSWebhookUtil to LPVSPayloadUtil.

[tiokim]

Please take a look at my comments. Many thanks!

[tiokim]

What about refactoring the code in terms of the improvement points below?

• Improvement Points:

1. The code is quite long and can be simplified by breaking it down into smaller methods.
2. The code is checking for the license in multiple places, which can be refactored into a single method.

Please refer to the example code below and check if it is possible. 😁

public LPVSLicense getLicenseBySpdxIdAndName(String licenseSpdxId, Optional<String> licenseName) {
    String licName = licenseName.orElse(licenseSpdxId);

    // Check if the license exists in the database
    LPVSLicense lic = findLicense(licenseSpdxId, licName);

    // If not found, check OSORI DB and create a new license if found
    if (lic == null) {
        lic = findLicenseInOsoriDb(licenseSpdxId);
    }

    // If still not found, create a new license with default field values
    if (lic == null) {
        lic = createNewLicense(licenseSpdxId, licName);
    }

    // Save the license and add it to the license list
    lic = lpvsLicenseRepository.saveAndFlush(lic);

    return lic;
}

private LPVSLicense findLicense(String licenseSpdxId, String licName) {
    LPVSLicense lic = findLicenseBySPDX(licenseSpdxId);
    if (lic == null) {
        lic = findLicenseByName(licName);
    }
    return lic;
}

private LPVSLicense findLicenseInOsoriDb(String licenseSpdxId) {
    if (osoriDbUrl == null || osoriDbUrl.trim().isEmpty()) {
        return null;
    }

    try {
        HttpURLConnection connection = osoriConnection.createConnection(osoriDbUrl, licenseSpdxId);
        connection.setRequestMethod("GET");
        connection.connect();

        if (connection.getResponseCode()!= 200) {
            throw new Exception("HTTP error code (" + connection.getResponseCode() + "): " + connection.getResponseMessage());
        }

        String response = LPVSPayloadUtil.convertInputStreamToString(connection.getInputStream());
        return LPVSPayloadUtil.convertOsoriDbResponseToLicense(response);
    } catch (Exception e) {
        log.error("Error connecting OSORI DB: " + e.getMessage());
        return null;
    }
}

private LPVSLicense createNewLicense(String licenseSpdxId, String licName) {
    LPVSLicense lic = new LPVSLicense();
    lic.setSpdxId(licenseSpdxId);
    lic.setLicenseName(licName);
    lic.setAlternativeNames(null);
    lic.setAccess("UNREVIEWED");
    return lic;
}

[o-kopysov]

@tiokim Thank you for the suggestion. I will apply the proposed changes in the current PR.

[tiokim]

Thank you for modifying it according to the review comments. I think the test code is also well written. One question is, is there a reason why the functions were public but not private?

[o-kopysov]

I make these functions public for providing better testability and cover them with unit tests (to avoid the usage of reflection to get a reference to the private methods). If you have other opinion, please let me know.

[tiokim]

LGTM Thanks for your contribution! 👍🏼