fix(project create): optimize release state handling on update

Instead of storing all release states before project update and restoring it in a big loop afterwards, SW360 REST API also allows to pass full release information during release update. We however don't keep the release states set in SW360, but use the states provided in the SBOM.
sw360 · Feb 5, 2025 · 1df7aaa · 1df7aaa
1 parent 86ce234
commit 1df7aaa
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 41 deletions.
diff --git a/ChangeLog.md b/ChangeLog.md
@@ -8,6 +8,7 @@
 ## UNRELEASED
 
 * `project createbom` stores release relations (`CONTAINED`, `SIDE_BY_SIDE` etc.) as capycli:projectRelation
+* fix slowdown/crash in `project update` for large projects (#121) introduced in 2.7.0
 
 ## 2.7.0
 

diff --git a/capycli/project/create_project.py b/capycli/project/create_project.py
@@ -33,9 +33,9 @@ def __init__(self, onlyUpdateProject: bool = False) -> None:
         self.onlyUpdateProject = onlyUpdateProject
         self.project_mainline_state: str = ""
 
-    def bom_to_release_list(self, sbom: Bom) -> List[str]:
-        """Creates a list with linked releases"""
-        linkedReleases = []
+    def bom_to_release_list(self, sbom: Bom) -> Dict[str, Any]:
+        """Creates a list with linked releases from the SBOM."""
+        linkedReleases: Dict[str, Any] = {}
 
         for cx_comp in sbom.components:
             rid = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_SW360ID)
@@ -45,31 +45,17 @@ def bom_to_release_list(self, sbom: Bom) -> List[str]:
                     + ", " + str(cx_comp.version))
                 continue
 
-            linkedReleases.append(rid)
-
-        return linkedReleases
-
-    def get_release_project_mainline_states(self, project: Optional[Dict[str, Any]]) -> List[Dict[str, Any]]:
-        pms: List[Dict[str, Any]] = []
-        if not project:
-            return pms
+            linkedReleases[rid] = {}
 
-        if "linkedReleases" not in project:
-            return pms
+            mainlineState = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_PROJ_STATE)
+            if mainlineState:
+                linkedReleases[rid]["mainlineState"] = mainlineState
+            relation = CycloneDxSupport.get_property_value(cx_comp, CycloneDxSupport.CDX_PROP_PROJ_RELATION)
+            if relation:
+                # No typo. In project structure, it's "relation", while release update API uses "releaseRelation".
+                linkedReleases[rid]["releaseRelation"] = relation
 
-        for release in project["linkedReleases"]:  # NOT ["sw360:releases"]
-            pms_release = release.get("release", "")
-            if not pms_release:
-                continue
-            pms_state = release.get("mainlineState", "OPEN")
-            pms_relation = release.get("relation", "UNKNOWN")
-            pms_entry: Dict[str, Any] = {}
-            pms_entry["release"] = pms_release
-            pms_entry["mainlineState"] = pms_state
-            pms_entry["new_relation"] = pms_relation
-            pms.append(pms_entry)
-
-        return pms
+        return linkedReleases
 
     def update_project(self, project_id: str, project: Optional[Dict[str, Any]],
                        sbom: Bom, project_info: Dict[str, Any]) -> None:
@@ -79,7 +65,6 @@ def update_project(self, project_id: str, project: Optional[Dict[str, Any]],
             sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
 
         data = self.bom_to_release_list(sbom)
-        pms = self.get_release_project_mainline_states(project)
 
         ignore_update_elements = ["name", "version"]
         # remove elements from list because they are handled separately
@@ -114,20 +99,6 @@ def update_project(self, project_id: str, project: Optional[Dict[str, Any]],
                 if not result2:
                     print_red("  Error updating project!")
 
-            if pms and project:
-                print_text("  Restoring original project mainline states...")
-                for pms_entry in pms:
-                    update_release = False
-                    for r in project.get("linkedReleases", []):
-                        if r["release"] == pms_entry["release"]:
-                            update_release = True
-                            break
-
-                    if update_release:
-                        rid = self.client.get_id_from_href(pms_entry["release"])
-                        self.client.update_project_release_relationship(
-                            project_id, rid, pms_entry["mainlineState"], pms_entry["new_relation"], "")
-
         except SW360Error as swex:
             if swex.response is None:
                 print_red("  Unknown error: " + swex.message)