BOM upload after clone of project might get stuck/fail #3895

Closed
2 tasks done
otbe opened this issue Jun 29, 2024 · 1 comment · Fixed by #3982
Labels: defect (Something isn't working), p2 (Non-critical bugs, and features that help organizations to identify and reduce risk)

otbe commented Jun 29, 2024

Current Behavior

I do something like this:

  1. clone project via API (includeAuditHistory=true, includeComponents=true)
  2. check token (/events...) until processing=false
  3. upload BOM
  4. check token (/events...) until processing=false
  5. check results
  6. delete project

Quite often it happens that the upload of the BOM fails with something like

```
Insert of object "org.dependencytrack.model.ProjectMetadata@6cb89346" using statement "INSERT INTO "PROJECT_METADATA" ("AUTHORS","PROJECT_ID","SUPPLIER") VALUES (?,?,?)" failed : ERROR: duplicate key value violates unique constraint "PROJECT_METADATA_PROJECT_ID_IDX"
  Detail: Key ("PROJECT_ID")=(215) already exists.
```

Stacktrace

```
javax.jdo.JDODataStoreException: Insert of object "org.dependencytrack.model.ProjectMetadata@27963218" using statement "INSERT INTO "PROJECT_METADATA" ("AUTHORS","PROJECT_ID","SUPPLIER") VALUES (?,?,?)" failed : ERROR: duplicate key value violates unique constraint "PROJECT_METADATA_PROJECT_ID_IDX"
  Detail: Key ("PROJECT_ID")=(269) already exists.
	at org.datanucleus.api.jdo.JDOAdapter.getJDOExceptionForNucleusException(JDOAdapter.java:605)
	at org.datanucleus.api.jdo.JDOPersistenceManager.flush(JDOPersistenceManager.java:2057)
	at org.dependencytrack.tasks.BomUploadProcessingTaskV2.processProject(BomUploadProcessingTaskV2.java:369)
	at org.dependencytrack.tasks.BomUploadProcessingTaskV2.lambda$processBom$0(BomUploadProcessingTaskV2.java:297)
	at org.dependencytrack.persistence.QueryManager.lambda$runInTransaction$0(QueryManager.java:1433)
	at org.dependencytrack.persistence.QueryManager.runInTransaction(QueryManager.java:1464)
	at org.dependencytrack.persistence.QueryManager.runInTransaction(QueryManager.java:1432)
	at org.dependencytrack.tasks.BomUploadProcessingTaskV2.processBom(BomUploadProcessingTaskV2.java:296)
	at org.dependencytrack.tasks.BomUploadProcessingTaskV2.processEvent(BomUploadProcessingTaskV2.java:187)
	at org.dependencytrack.tasks.BomUploadProcessingTaskV2.inform(BomUploadProcessingTaskV2.java:162)
	at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:110)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: org.postgresql.util.PSQLException: ERROR: duplicate key value violates unique constraint "PROJECT_METADATA_PROJECT_ID_IDX"
  Detail: Key ("PROJECT_ID")=(269) already exists.
	at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2725)
	at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2412)
	at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:371)
	at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:502)
	at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:419)
	at org.postgresql.jdbc.PgPreparedStatement.executeWithFlags(PgPreparedStatement.java:194)
	at org.postgresql.jdbc.PgPreparedStatement.executeUpdate(PgPreparedStatement.java:155)
	at com.zaxxer.hikari.pool.ProxyPreparedStatement.executeUpdate(ProxyPreparedStatement.java:61)
	at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.executeUpdate(HikariProxyPreparedStatement.java)
	at org.datanucleus.store.rdbms.SQLController.doExecuteStatementUpdate(SQLController.java:463)
	at org.datanucleus.store.rdbms.SQLController.executeStatementUpdateDeferRowCountCheckForBatching(SQLController.java:413)
	at org.datanucleus.store.rdbms.request.InsertRequest.execute(InsertRequest.java:532)
	at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObjectInTable(RDBMSPersistenceHandler.java:235)
	at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObject(RDBMSPersistenceHandler.java:211)
	at org.datanucleus.state.StateManagerImpl.internalMakePersistent(StateManagerImpl.java:4614)
	at org.datanucleus.state.StateManagerImpl.flush(StateManagerImpl.java:5848)
	at org.datanucleus.flush.FlushOrdered.execute(FlushOrdered.java:96)
	at org.datanucleus.ExecutionContextImpl.flushInternal(ExecutionContextImpl.java:4050)
	at org.datanucleus.ExecutionContextImpl.flush(ExecutionContextImpl.java:3996)
	at org.datanucleus.api.jdo.JDOPersistenceManager.flush(JDOPersistenceManager.java:2040)
	... 12 common frames omitted
```

This is logged by BomUploadProcessingTaskV2. The error message is somewhat similar to #3324.

It also seems to be dependent on the project. Some work without issues and some mostly fail, but I cannot really spot a difference (apart from components/suppressions).

You may wonder why I clone the project, just to delete it right after :) I'm working on an integration of dtrack analysis in our pipelines. For each PR I want to analyse policy violations & vulns on the basis of the audit history of the "main" version. I think there was once an issue for this feature but I cannot find it anymore.

Steps to Reproduce

  1. clone project via
  2. check for token (/events...) until processing=false
  3. upload BOM

Expected Behavior

No error

Dependency-Track Version

4.11.4

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

15.7

Browser

Google Chrome

Checklist
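
The six-step pipeline workflow described in this issue, as an added example (not code from the reporter or from the Dependency-Track project), with a polling deadline so a token that never finishes cannot hang the job and a `finally` that always deletes the clone. The names `DTrack`, `wait_for_token` and `analyse_pr` are hypothetical, and the endpoint paths and JSON fields are assumptions based on the Dependency-Track v1 REST API that should be checked against your instance's OpenAPI document.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Endpoint paths and JSON fields below are assumptions (Dependency-Track v1 REST API).


class DTrack:
    """Minimal JSON client; base_url and api_key are supplied by the caller."""

    def __init__(self, base_url, api_key):
        self.base_url, self.api_key = base_url.rstrip("/"), api_key

    def call(self, method, path, body=None):
        req = urllib.request.Request(
            self.base_url + path, method=method,
            data=None if body is None else json.dumps(body).encode(),
            headers={"X-Api-Key": self.api_key, "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else None  # DELETE answers with no body


def wait_for_token(dt, token, timeout=300, interval=2, sleep=time.sleep):
    """Poll until processing is false; raise instead of hanging the pipeline."""
    waited = 0
    while dt.call("GET", f"/api/v1/event/token/{token}")["processing"]:
        if waited >= timeout:
            raise TimeoutError(f"token {token} still processing after {timeout}s")
        sleep(interval)
        waited += interval


def analyse_pr(dt, main_uuid, name, pr_version, bom_bytes, **wait_opts):
    """Steps 1-6: clone, wait, upload BOM, wait, fetch findings, delete clone."""
    clone = dt.call("PUT", "/api/v1/project/clone", {
        "project": main_uuid, "version": pr_version,
        "includeAuditHistory": True, "includeComponents": True})
    wait_for_token(dt, clone["token"], **wait_opts)
    query = urllib.parse.urlencode({"name": name, "version": pr_version})
    uuid = dt.call("GET", f"/api/v1/project/lookup?{query}")["uuid"]
    try:
        bom = base64.b64encode(bom_bytes).decode()
        upload = dt.call("PUT", "/api/v1/bom", {"project": uuid, "bom": bom})
        wait_for_token(dt, upload["token"], **wait_opts)
        return dt.call("GET", f"/api/v1/finding/project/{uuid}")
    finally:
        dt.call("DELETE", f"/api/v1/project/{uuid}")  # clean up even on failure
```

The deadline and cleanup only protect the pipeline run; they do not change the server-side insert failure shown in the stack trace.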

otbe added the defect and in triage labels Jun 29, 2024
otbe changed the title from "BOm upload after clone of project might get stuck/fail" to "BOM upload after clone of project might get stuck/fail" Jun 29, 2024
nscuro self-assigned this Jul 15, 2024
nscuro added this to the 4.12 milestone Jul 15, 2024
nscuro added the p2 label and removed the in triage label Jul 15, 2024
nscuro closed this as completed in 164847a Jul 15, 2024
netomi pushed a commit to netomi/dependency-track that referenced this issue Aug 8, 2024
Adds regression test for DependencyTrack#3895. The behavior itself does not reproduce on `master`, but does with `4.11.5`.

Wraps the project cloning in a transaction to make it more reliable. Adds MDC variables for `CloneProjectTask` (DependencyTrack#3234).

Fixes DependencyTrack#3895

Signed-off-by: nscuro <[email protected]>

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

github-actions bot locked as resolved and limited conversation to collaborators Aug 15, 2024