Add package 'name' to lock file

[jtcohen6]

Resolves #11487

Problem

dbt gets the true project name for each configured package (and their dependencies), but it doesn't store that information anywhere, requiring multiple trips to git providers / hub packages.

Solution

• Write each package's true project name in package-lock.yml
• Without changing the sha1_hash (if possible)

Checklist

• I have read the contributing guide and understand what's expected of me.
• I have run this code in development, and it appears to resolve the stated issue.
• This PR includes tests, or tests are not required or relevant for this PR.
• This PR has no interface changes (e.g., macros, CLI, logs, JSON artifacts, config files, adapter interface, etc.) or this PR has already received feedback and approval from Product or DX.
• This PR includes type annotations for new and modified functions.

[github-actions]

Thank you for your pull request! We could not find a changelog entry for this change. For details on how to document a change, see the contributing guide.

[zqureshi]

👀

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.88%. Comparing base (7cca847) to head (7da1e0a).
Report is 2 commits behind head on main.

❌ Your patch status has failed because the patch coverage (53.84%) is below the target coverage (80.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #11488   +/-   ##
=======================================
  Coverage   88.88%   88.88%           
=======================================
  Files         194      194           
  Lines       24553    24564   +11     
=======================================
+ Hits        21824    21834   +10     
- Misses       2729     2730    +1     

Flag	Coverage Δ
integration	85.88% <100.00%> (+<0.01%)	⬆️
unit	62.77% <53.84%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
Unit Tests	62.77% <53.84%> (-0.01%)	⬇️
Integration Tests	85.88% <100.00%> (+<0.01%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[jtcohen6]

The intent is to avoid changing the sha1_hash in package-lock.yml just because there's now an optional name attribute in the contract:

{'git': 'https://github.com/dbt-labs/dbt-utils', 'revision': None, 'warn-unpinned': None, 'subdirectory': None, 'unrendered': {'git': 'https://github.com/dbt-labs/dbt-utils'}, 'name': None}

But name actually is a required field for TarballPackage

[zqureshi]

This would be great to leave as a comment for the method.

[jtcohen6]

I can definitely add a comment. I'm also open to moving this logic elsewhere, so that the intent is clearer and the impact is narrower - perhaps task.deps._create_sha1_hash, where package.to_dict is actually being called?

[jtcohen6]

In the deps task here, dbt reads package-lock.yml and validates its contents using these contracts. So if name is in there, it needs to be an allowed (optional) field in all Package contracts.

The alternative would be to strip out name when dbt reads that file — but leave it in for TarballPackage only? — which feels trickier.

[zqureshi]

LGTM but I would have @peterallenwebb or @emmyoop rubber stamp since they are doing infra things.

[zqureshi]

I was wondering why this is a diff... until I saw it.

[zqureshi]

✅

[zqureshi]

nit: I wonder if this would be clearer to read with a heredoc.

[jtcohen6]

qq chose comma ça ?

        fivetran_package = """
  - name: fivetran_utils
    package: fivetran/fivetran_utils
    version: 0.4.7
"""

[zqureshi]

If you also feel that it increases comprehension, I'm 50/50.

[jtcohen6]

I do think it's easier to read!

[zqureshi]

🚀🚀🚀