-
Notifications
You must be signed in to change notification settings - Fork 587
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Add test to ensure package metadata is represented in the JSON schema #1841
Conversation
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Benchmark Test ResultsBenchmark results from the latest changes vs base branch
|
func AllSyftMetadataTypeNames() ([]string, error) { | ||
root, err := repoRoot() | ||
if err != nil { | ||
return nil, err | ||
} | ||
files, err := filepath.Glob(filepath.Join(root, "syft/pkg/*.go")) | ||
if err != nil { | ||
return nil, err | ||
} | ||
return findMetadataDefinitionNames(files...) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is some related data here, could you use any of these exported lists? These need to be kept up to date, used when decoding CDX.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought about using these, but the pkg.MetadataType
will be something that is removed closer to syft 1.0 #1735 which means this map would be a format-only concern. So instead I leaned towards the current ast approach, which has the added benefit of not needing to remember to add it to a central list/map, in which case the PR protection would be a little more brittle.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, but the list of all metadata types is something needed by the Syft format decoder once the pkg.MetadataType goes away, which is specifically a concern with the Syft schema, is it not?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see -- that is, we should have a single source of truth for these sets. I'll try to account for that in this PR (warning, the scope will creep a bit, but I think it's warranted).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I still agree with trying to get down to a single source of truth, however, I feel that is better tackled in #1735 and #1844 since there are naming inconsistencies and decoding considerations to make here. Additionally, this PR doesn't add another source of truth, this container struct being created exists today and is now being generated. Hopefully with the other two issues they can expand on this generation to include more things.
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
* main: (21 commits) chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1862) chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 (#1863) feat: source-version flag (#1859) chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1851) accept main.version ldflags even without vcs (#1855) feat: add scope to pom properties (#1779) chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1852) chore(deps): bump github.com/docker/docker (#1849) Add test to ensure package metadata is represented in the JSON schema (#1841) Fix directory resolver to consider CWD and root path input correctly (#1840) Migrate location-related structs to the file package (#1751) chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#1843) fix: add panic recovery for license parse (#1839) chore: return both failures when failed to retrieve an image with a scheme (#1801) Extract go module versions from ldflags for binaries built by go (#1832) fix: duplicate packages, support pnpm lockfile v6 (#1778) chore(deps): update stereoscope to e14bc4437b2eac481c5b6f101890b22df4f33596 (#1834) chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1829) chore(deps): bump github.com/docker/docker (#1833) Keep original FileInfo persisted on file.Metadata structs (#1794) ... Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
…anchore#1841) * [wip] try to reflect metadata types... probably wont work Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * refactor to add unit test to ensure there is coverage in the schema Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] generate metadata container Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add generation of metadata container struct for JSON schema generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * fix linting Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update linter script to account for code generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> --------- Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Today we generate our JSON schema from our go types. We create a single
ArtifactMetadataContainer
type in theschema/json
package that has allgithub.heygears.com/anchore/syft/pkg.*Metadata
structs defined on it, and use this type to infer what can be expressed in thepkg.Package.Metadata
field. This approach has worked well, but there is one shortcoming: when a new type is added someone needs to remember to add this type to theArtifactMetadataContainer
type.This PR improves this some by adding a unit test that will fail when there is a new type that appears to be a metadata type within the
pkg
package that is not represented onArtifactMetadataContainer
.Additionally, the
generate-json-schema
make target has been updated to generate theArtifactMetadataContainer
struct based on the latest analysis of the source code in thepkg
package.All of this will help ensure that we are not introducing data shape changes without updating the schema and are hyper aware of any breaking changes occurring to the schema within the PR making that change.