revert: back out sqlite data updates

[jdx]

Summary

• revert the generated JVM data update from Update data #467
• revert the SQLite update path from fix(db): use sqlite for data updates #465 and restore the previous Postgres workflow/code path

Why

#467 imported already-exported JSON through the SQLite path and published malformed features: [""] entries. Backing out #465 too returns the update pipeline to the previous database behavior while we prepare a cleaner fix.

Validation

• cargo fmt --check
• verified all public/api/jvm/**/*.json files contain zero features == [""] rows
• verified public/api/jvm/ea/linux/x86_64.json is back to 4092 rows with no OpenJDK 28 rows

This PR was generated by an AI coding assistant.

---

Note

High Risk
Switches the core database backend and CI secrets wiring while rewriting large published API datasets—any misconfiguration or partial revert affects consumers of public/api/jvm.

Overview
Replaces the SQLite persistence stack with PostgreSQL end-to-end: dependencies move from rusqlite / r2d2_sqlite to postgres, postgres-openssl, and r2d2_postgres; config.toml and docs now use ROAST_DATABASE_URL and optional SSL settings instead of a local roast.sqlite3 path; roast.sqlite3 is dropped from .gitignore.

The Update Data workflow no longer deletes a SQLite file or runs cargo run -- import—it only **fetch**es against ROAST_DATABASE_URL from secrets. README adds Docker PostgreSQL bootstrap via sql/schema.sql and removes the JSON import seeding flow; mise gains db:dump / db:restore helpers.

public/api/jvm/** JSON is rolled back from the bad #467 export: created_at values return to prior 2025-era timestamps (instead of uniform 2026-06-10), row ordering shifts, and entries no longer carry the malformed empty-string features pattern from that update.

^{Reviewed by Cursor Bugbot for commit 3f251dc. Bugbot is set up for automated code reviews on this repo. Configure here.}

Summary by CodeRabbit

• Chores

  • Updated JVM distribution metadata across multiple platforms/architectures; normalized fields, timestamps, and checksums.
  • Switched project configuration and CI to use a PostgreSQL database instead of SQLite.
  • Updated documentation to reflect PostgreSQL setup.

• New Features

  • Added database export utilities and backup/restore tasks to produce JSON outputs from the DB.

• Refactor

  • Removed the old import command and migrated internals to Postgres-backed storage.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: ee13f27b-b94d-4c83-991c-76596d1e1f92

📥 Commits

Reviewing files that changed from the base of the PR and between 34e349f and 3f251dc.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (37)

• .github/workflows/update.yml
• .gitignore
• Cargo.toml
• README.md
• config.toml
• mise.toml
• public/api/jvm/ea/alpine-linux/aarch64.json
• public/api/jvm/ea/alpine-linux/x86_64.json
• public/api/jvm/ea/linux/aarch64.json
• public/api/jvm/ea/linux/i686.json
• public/api/jvm/ea/linux/x86_64.json
• public/api/jvm/ea/macosx/aarch64.json
• public/api/jvm/ea/macosx/x86_64.json
• public/api/jvm/ea/windows/aarch64.json
• public/api/jvm/ea/windows/i686.json
• public/api/jvm/ea/windows/x86_64.json
• public/api/jvm/ga/alpine-linux/aarch64.json
• public/api/jvm/ga/alpine-linux/x86_64.json
• public/api/jvm/ga/linux/aarch64.json
• public/api/jvm/ga/linux/arm32.json
• public/api/jvm/ga/linux/i686.json
• public/api/jvm/ga/linux/x86_64.json
• public/api/jvm/ga/macosx/aarch64.json
• public/api/jvm/ga/macosx/i686.json
• public/api/jvm/ga/macosx/x86_64.json
• public/api/jvm/ga/windows/aarch64.json
• public/api/jvm/ga/windows/i686.json
• public/api/jvm/ga/windows/x86_64.json
• scripts/export-releasetype.sh
• scripts/export-vendor.sh
• sql/schema.sql
• src/cli/import.rs
• src/cli/mod.rs
• src/config.rs
• src/db/jvm_repository.rs
• src/db/pool.rs
• src/jvm/mod.rs

---

📝 Walkthrough

Walkthrough

This PR updates JVM distribution metadata across five JSON files covering Early Access and General Availability channels on multiple platforms. Changes normalize timestamps, standardize the features field from [""] to [], update checksums, and refresh artifact entries for Liberica, Corretto, Zulu, and JetBrains distributions.

Changes

JVM Metadata Refresh

Layer / File(s)	Summary
EA Alpine Linux AArch64 metadata refresh public/api/jvm/ea/alpine-linux/aarch64.json	First Liberica entry receives populated checksum and timestamp; intermediate Corretto, Zulu, and JetBrains entries have timestamps updated; tail replaced with refreshed Liberica artifacts across multiple EA versions.
EA Linux i686 metadata refresh public/api/jvm/ea/linux/i686.json	All entries receive timestamp normalization (mostly to 2025-03-28T22:02:46.826962 with variant timestamps) and feature field standardization from sentinel arrays to empty arrays.
EA Windows AArch64 metadata refresh public/api/jvm/ea/windows/aarch64.json	JetBrains JBR entries updated with new timestamps, checksum values (including null-to-hash transitions), and feature normalization; array tail replaced with new Liberica ZIP entries for EA versions 23.0.0–26.0.0.
EA Windows i686 metadata refresh public/api/jvm/ea/windows/i686.json	All entries receive timestamp updates and feature field normalization; artifact descriptors and URLs preserved.
GA macOS i686 metadata refresh public/api/jvm/ga/macosx/i686.json	All JDK entries unified to timestamp 2025-03-28T22:02:46.826962 and feature field normalized to empty arrays.

Postgres migration and tooling

Layer / File(s)	Summary
Project config, CI, manifest, and docs .github/workflows/update.yml, .gitignore, Cargo.toml, README.md, config.toml	Switch GitHub workflow to use ROAST_DATABASE_URL secret, remove roast.sqlite3* ignore, swap SQLite deps for Postgres/OpenSSL deps, update README and config to describe Postgres usage and SSL options.
Export/backup scripts and automation mise.toml, scripts/export-releasetype.sh, scripts/export-vendor.sh	Add db:dump/db:restore MISE tasks and two export scripts that run queries against Postgres (via Docker psql), convert CSV to JSON, and write per-arch/vendor outputs.
Postgres schema and permissions sql/schema.sql	Replace CREATE TABLE IF NOT EXISTS with drop-and-create JVM, switch index creation to drop-and-create, and grant DML/SELECT privileges to roast.
CLI subcommand removal src/cli/mod.rs, src/cli/import.rs	Remove the import subcommand and its module; CLI now exposes export, fetch, ls, and version.
Config struct update src/config.rs	Replace SQLite path with Postgres url and optional ssl_mode, ssl_ca, ssl_cert, ssl_key fields sourced from env vars.
Postgres TLS connection pool src/db/pool.rs	Replace SQLite pool creation with Postgres PostgresConnectionManager using OpenSSL SslConnector driven by config and conf.database.url.
Repository SQL and API changes src/db/jvm_repository.rs	Migrate repository from rusqlite to postgres client: change pool types, use $n placeholders, collect ToSql params, adapt ON CONFLICT DO UPDATE, and rewrite export/query helpers to Postgres APIs.
JvmData serde change src/jvm/mod.rs	Remove #[serde(default)] from JvmData, changing deserialization behavior for missing fields.

🎯 2 (Simple) | ⏱️ ~12 minutes

A rabbit hops through five JSON files today,
Timestamps refreshed in every single way,
Empty features arrays, checksums made right,
Liberica entries gleam in the new light,
EA and GA metadata shines so bright! 🐰✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'revert: update data from #467' is directly related to the main purpose of the PR, which is to revert generated JVM data updates from PR #467 while keeping SQLite code changes intact.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR reverts the JVM metadata JSON files from #467 back to the pre-SQLite baseline (removing malformed features: [""] entries), while keeping the SQLite→PostgreSQL backend migration from #465 intact.

• Data revert: All public/api/jvm/**/*.json files are rolled back to pre-Update data #467 content, restoring correct features arrays and removing spurious 2026-06-10 created_at timestamps.
• PostgreSQL migration: rusqlite/r2d2_sqlite replaced with postgres/r2d2_postgres/postgres-openssl; connection pool now reads ROAST_DATABASE_URL from a CI secret; the import CLI subcommand is deleted in favour of fetching directly from the remote DB.
• Tooling additions: New mise tasks db:dump/db:restore, two export shell scripts, and updated README.md and config.toml documenting the new PostgreSQL setup.

Confidence Score: 3/5

The data revert is clean, but the new PostgreSQL repository layer has two functional defects that will cause silent data-correctness problems in production.

The upsert WHERE clause uses != instead of IS DISTINCT FROM, so any nullable column that transitions between NULL and a non-NULL value will silently skip the update, leaving stale rows in the database. Additionally, the features round-trip still reproduces the [""] corruption the PR aims to fix: an empty features vec is serialised as "" on write and then split back to [""] on read. Both issues affect the core data-update path that runs on every CI fetch.

src/db/jvm_repository.rs — upsert NULL-comparison logic and features empty-string handling; src/db/pool.rs — unwrap() panic on malformed URL

Important Files Changed

Filename	Overview
src/db/jvm_repository.rs	SQLite→PostgreSQL migration: upsert WHERE clause uses != instead of IS DISTINCT FROM, silently skipping updates for NULL↔non-NULL transitions; features empty-string read-back produces [""] instead of []
src/db/pool.rs	New PostgreSQL connection pool with SSL support; url.parse().unwrap() will panic on a malformed config string; verify-full mode still disables hostname verification via always-true callback
src/config.rs	Replaced SQLite path/pool config with PostgreSQL URL and SSL options; straightforward struct update
src/jvm/mod.rs	Removed #[serde(default)] from JvmData struct; non-Option fields now require presence in JSON during deserialization
sql/schema.sql	Changed from CREATE TABLE IF NOT EXISTS to destructive DROP TABLE IF EXISTS; CREATE TABLE pattern; adds GRANT for roast user; schema is not idempotent on a live database
.github/workflows/update.yml	Switched env var from ROAST_DATABASE_PATH to ROAST_DATABASE_URL (from secrets); removed local DB wipe and import step, leaving only fetch and export
scripts/export-releasetype.sh	New script for exporting JVM data by release type via Docker psql; contains an unused csv_file variable in the loop body
src/cli/import.rs	Deleted: the JSON-seeding import command is removed as the workflow now reads directly from the external PostgreSQL database

_{Reviews (2): Last reviewed commit: "Revert "fix(db): use sqlite for data upd..." | Re-trigger Greptile}

[cursor]

db restore prompts password

Medium Severity

The new db:restore task passes psql --password, which forces an interactive password prompt, so restores fail or hang when run non-interactively (typical for mise tasks) even when ROAST_DB_PWD is configured in .env.local.

 

^{Reviewed by Cursor Bugbot for commit 794ea79. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 2 total unresolved issues (including 1 from previous review).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 3f251dc. Configure here.}

[cursor]

SQLite stack removed unintentionally

High Severity

This change swaps the project back to PostgreSQL (ROAST_DATABASE_URL, rusqlite/r2d2_sqlite removed, CI import dropped) even though the PR states only JVM JSON from #467 should be reverted and SQLite from #465 should stay.

Additional Locations (2)

• .github/workflows/update.yml#L18-L45
• config.toml#L5-L8

 

^{Reviewed by Cursor Bugbot for commit 3f251dc. Configure here.}

[greptile-apps]

NULL-unsafe comparisons in upsert WHERE clause

PostgreSQL evaluates NULL != 'value' as NULL (not TRUE), so any row where a nullable column (checksum, checksum_url, features, size) transitions between NULL and a non-NULL value will silently skip the update. For example, if a record exists with checksum = NULL and new data arrives with checksum = 'abc123', the condition excluded.checksum != JVM.checksum evaluates to NULL, which is falsy, and the SET clause never fires. The original SQLite code correctly used IS NOT (NULL-safe); the PostgreSQL equivalent is IS DISTINCT FROM.

[greptile-apps]

features empty-string round-trip produces [""] on read-back

In map_workaround, Some(vec![]).join(",") produces Some(""). When that empty string is stored and later read back, "".split(',').collect() yields vec![""], not an empty vec. This recreates the exact features: [""] corruption the PR description says was fixed. The fix is to return an empty vec when the stored string is empty.

Suggested change

	features: row
	.get::<_, Option<String>>("features")
	.map(|f| f.map(|f| f.split(',').map(String::from).collect()))?,
	file_type: row.get("file_type")?,
	filename: row.get("filename")?,
	image_type: row.get("image_type")?,
	java_version: row.get("java_version")?,
	jvm_impl: row.get("jvm_impl")?,
	os: row.get("os")?,
	release_type: row.get("release_type")?,
	size: row.get::<_, Option<i32>>("size")?,
	url: row.get("url")?,
	vendor: row.get("vendor")?,
	version: row.get("version")?,
	.map(|f| f.split(',').map(String::from).collect()),
	features: row
	.get::<_, Option<String>>("features")
	.map(|f| if f.is_empty() { vec![] } else { f.split(',').map(String::from).collect() }),

[greptile-apps]

url.parse().unwrap() will panic on a malformed connection string

The URL already passed the starts_with("postgres://") guard, but parse() can still fail for other reasons (invalid port number, malformed host, unknown parameters, etc.). Using .unwrap() turns a user-configuration mistake into a hard panic instead of a clean error propagated through the Result return type.

Suggested change

	let manager = PostgresConnectionManager::new(url.parse().unwrap(), tls_connector);
	let manager = PostgresConnectionManager::new(url.parse()?, tls_connector);