save checkpoint

devops/database/postgres-partitioning/003_scanner_artifact_boms_hot_lookup_jobs.sql

@@ -0,0 +1,16 @@
+-- SPDX-License-Identifier: BUSL-1.1
+-- Scanner artifact_boms hot-lookup partition maintenance jobs
+-- Sprint: SPRINT_20260210_001_DOCS_sbom_attestation_hot_lookup_contract
+-- Task: HOT-005
+
+-- Pre-create current and next month partitions.
+SELECT partition_name
+FROM scanner.ensure_artifact_boms_future_partitions(1);
+
+-- Dry-run retention preview (default keeps 12 months).
+SELECT partition_name, dropped
+FROM scanner.drop_artifact_boms_partitions_older_than(12, TRUE);
+
+-- Retention execution example (uncomment when validated).
+-- SELECT partition_name, dropped
+-- FROM scanner.drop_artifact_boms_partitions_older_than(12, FALSE);

devops/scripts/scanner-artifact-boms-ensure-partitions.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ -z "${PG_DSN:-}" ]]; then
+  echo "PG_DSN is required (PostgreSQL connection string)." >&2
+  exit 1
+fi
+
+MONTHS_AHEAD="${1:-1}"
+
+if ! [[ "${MONTHS_AHEAD}" =~ ^[0-9]+$ ]]; then
+  echo "monthsAhead must be a non-negative integer." >&2
+  exit 1
+fi
+
+psql "${PG_DSN}" \
+  --no-psqlrc \
+  --set ON_ERROR_STOP=on \
+  --quiet \
+  --tuples-only \
+  --command "SELECT partition_name FROM scanner.ensure_artifact_boms_future_partitions(${MONTHS_AHEAD});"

devops/scripts/scanner-artifact-boms-retention.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ -z "${PG_DSN:-}" ]]; then
+  echo "PG_DSN is required (PostgreSQL connection string)." >&2
+  exit 1
+fi
+
+RETAIN_MONTHS="${1:-12}"
+DRY_RUN="${2:-true}"
+
+if ! [[ "${RETAIN_MONTHS}" =~ ^[0-9]+$ ]]; then
+  echo "retainMonths must be a positive integer." >&2
+  exit 1
+fi
+
+if [[ "${RETAIN_MONTHS}" -lt 1 ]]; then
+  echo "retainMonths must be >= 1." >&2
+  exit 1
+fi
+
+case "${DRY_RUN}" in
+  true|false) ;;
+  *)
+    echo "dryRun must be 'true' or 'false'." >&2
+    exit 1
+    ;;
+esac
+
+psql "${PG_DSN}" \
+  --no-psqlrc \
+  --set ON_ERROR_STOP=on \
+  --quiet \
+  --command "SELECT partition_name, dropped FROM scanner.drop_artifact_boms_partitions_older_than(${RETAIN_MONTHS}, ${DRY_RUN});"

devops/scripts/systemd/scanner-artifact-boms-ensure.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=StellaOps Scanner artifact_boms partition pre-creation
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+EnvironmentFile=/etc/stellaops/scanner-hotlookup.env
+ExecStart=/opt/stellaops/devops/scripts/scanner-artifact-boms-ensure-partitions.sh 1
+User=stellaops
+Group=stellaops
+
+[Install]
+WantedBy=multi-user.target

devops/scripts/systemd/scanner-artifact-boms-ensure.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Monthly pre-creation of Scanner artifact_boms partitions
+
+[Timer]
+OnCalendar=*-*-01 00:10:00
+Persistent=true
+Unit=scanner-artifact-boms-ensure.service
+
+[Install]
+WantedBy=timers.target

devops/scripts/systemd/scanner-artifact-boms-retention.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=StellaOps Scanner artifact_boms retention cleanup
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+EnvironmentFile=/etc/stellaops/scanner-hotlookup.env
+ExecStart=/opt/stellaops/devops/scripts/scanner-artifact-boms-retention.sh 12 false
+User=stellaops
+Group=stellaops
+
+[Install]
+WantedBy=multi-user.target

devops/scripts/systemd/scanner-artifact-boms-retention.timer

@@ -0,0 +1,10 @@
+[Unit]
+Description=Daily retention cleanup for Scanner artifact_boms partitions
+
+[Timer]
+OnCalendar=daily
+Persistent=true
+Unit=scanner-artifact-boms-retention.service
+
+[Install]
+WantedBy=timers.target