fix: making advisories packages alive

[helio-frota]

Summary by Sourcery

Enhancements:

• Extend the alive_qualified_purl CTE to union in qualified purls whose versioned purl’s base_purl_id appears in the purl_status table

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

The PR updates the garbage-collection SQL to expand the alive_qualified_purl CTE by unioning an additional branch that pulls in qualified purls tied to entries in the purl_status table, ensuring advisory-related packages are marked as alive.

File-Level Changes

Change	Details	Files
Enhance alive_qualified_purl CTE with a union to include purls from purl_status	Wrap the original SELECT branch in parentheses for union compatibility Add a UNION branch joining qualified_purl → versioned_purl → purl_status subquery Introduce a subquery to fetch distinct base_purl_id from purl_status Unify SELECT columns (id, versioned_purl_id) across both branches	modules/fundamental/src/purl/service/gc_purls.sql

Possibly linked issues

• #0: The PR modifies gc_purls.sql to include packages with purl_status, ensuring advisory-related packages are kept alive.
• Create a CI workflow to validate fmt, clippy, and tests on PR's #1: The PR modifies gc_purls.sql to ensure packages referenced by advisories are not deleted, directly resolving the issue.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey there - I've reviewed your changes - here's some feedback:

• Consider simplifying the CTE by removing the extra parentheses around each SELECT and writing the two branches directly as SELECT … UNION SELECT … for better readability.
• Since UNION already deduplicates rows, double-check that dropping DISTINCT on the first query preserves the intended result or switch to UNION ALL if you don’t need deduplication for performance.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- Consider simplifying the CTE by removing the extra parentheses around each SELECT and writing the two branches directly as `SELECT … UNION SELECT …` for better readability.
- Since UNION already deduplicates rows, double-check that dropping DISTINCT on the first query preserves the intended result or switch to UNION ALL if you don’t need deduplication for performance.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.00%. Comparing base (143a5ae) to head (6875286).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1993   +/-   ##
=======================================
  Coverage   68.00%   68.00%           
=======================================
  Files         355      355           
  Lines       19804    19804           
  Branches    19804    19804           
=======================================
  Hits        13467    13467           
+ Misses       5557     5556    -1     
- Partials      780      781    +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[jcrossley3]

Please add a unit test that affirms the change actually fixes the problem.

[helio-frota]

Probably better to add this file change in your PR that contains the test?

#1980

────────────
 Nextest run ID 595cbdcc-f713-4727-9033-48756ce95de4 with nextest profile: default
    Starting 1 test across 35 binaries (478 tests skipped)
        PASS [   2.735s] trustify-module-fundamental purl::service::test::gc_purls_from_single_csaf
────────────
     Summary [   2.774s] 1 test run: 1 passed, 478 skipped
➜  trustify git:(1977) ✗ git diff
diff --git a/modules/fundamental/src/purl/service/gc_purls.sql b/modules/fundamental/src/purl/service/gc_purls.sql
index 4a8703a2..4c07ea97 100644
--- a/modules/fundamental/src/purl/service/gc_purls.sql
+++ b/modules/fundamental/src/purl/service/gc_purls.sql
@@ -1,9 +1,21 @@
 WITH
     alive_qualified_purl AS (
-        SELECT DISTINCT t2.id, t2.versioned_purl_id
+      (
+        SELECT t2.id, t2.versioned_purl_id
         FROM sbom_package_purl_ref AS t1
                  INNER JOIN qualified_purl AS t2
                             ON t2.id = t1.qualified_purl_id
+      )
+      UNION
+      (
+        SELECT t1.id, t1.versioned_purl_id
+        FROM qualified_purl AS t1
+        INNER JOIN versioned_purl AS t2 ON t2.id = t1.versioned_purl_id
+        INNER JOIN (
+          SELECT DISTINCT base_purl_id
+          FROM purl_status
+        ) AS t3 ON t2.base_purl_id = t3.base_purl_id
+      )
     ),
     alive_versioned_purl AS (
         SELECT DISTINCT t2.id, t2.base_purl_id

[helio-frota]

PR, which contains the test, updated #1980 👍