Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor(PackageBasedScanStorageReader)!: Align read() to take a Package #7641

Merged
merged 1 commit into from
Oct 6, 2023

Conversation

sschuberth
Copy link
Member

A package based reader should indeed take a Package for all its read() functions. This aligns with the existing read() function that takes a ScannerCriteria, and it is a requirement for a proper implementation of ClearlyDefinedStorage which uses coordinates with a "provider" for lookup that can only be correctly constructed when provenance information is available. So far the ClearlyDefinedStorage hard-codes some assumptions in this regard, which will be corrected in upcoming changes.

@sschuberth sschuberth requested review from oheger-bosch and a team as code owners October 5, 2023 14:06
@sschuberth sschuberth force-pushed the sschuberth/scan-storage-id-to-pkg branch from 885e4d9 to d48f748 Compare October 5, 2023 14:10
@codecov
Copy link

codecov bot commented Oct 5, 2023

Codecov Report

Attention: 11 lines in your changes are missing coverage. Please review.

Comparison is base (89c626e) 68.03% compared to head (5ae52c3) 68.03%.

Additional details and impacted files
@@            Coverage Diff            @@
##               main    #7641   +/-   ##
=========================================
  Coverage     68.03%   68.03%           
  Complexity     2023     2023           
=========================================
  Files           344      344           
  Lines         16727    16727           
  Branches       2372     2372           
=========================================
  Hits          11381    11381           
  Misses         4363     4363           
  Partials        983      983           
Flag Coverage Δ
funTest-docker 69.40% <ø> (ø)
funTest-non-docker 36.45% <14.28%> (ø)
test 35.54% <7.14%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
.../src/main/kotlin/storages/ClearlyDefinedStorage.kt 82.22% <100.00%> (ø)
...in/kotlin/commands/ListStoredScanResultsCommand.kt 61.29% <0.00%> (ø)
...ain/kotlin/commands/packageconfig/CreateCommand.kt 47.27% <0.00%> (ø)
scanner/src/main/kotlin/storages/NoStorage.kt 0.00% <0.00%> (ø)
...canner/src/main/kotlin/storages/PostgresStorage.kt 73.46% <50.00%> (ø)
.../main/kotlin/commands/GetPackageLicensesCommand.kt 42.85% <0.00%> (ø)
...anner/src/main/kotlin/storages/FileBasedStorage.kt 63.15% <33.33%> (ø)
scanner/src/main/kotlin/storages/Sw360Storage.kt 0.00% <0.00%> (ø)

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

*/
fun read(id: Identifier): Result<List<ScanResult>> {
val (result, duration) = measureTimedValue { readInternal(id) }
fun read(pkg: Package): Result<List<ScanResult>> {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

commit and this read() function: I have difficulties understanding which parts of the package will be used to determine which scan results are being returned and how. Can you help?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's indeed a bit hard to understand as the relevant parts are not implemented yet... because they couldn't, as the ClearlyDefined scan storage provider did not have access to the necessary information before this change.

Basically, the ClearlyDefined implementation would need to have access to the VCS location, source artifact location (and maybe also the binary source artifact location) in order to create a proper Coordinate for querying harvested (scan) results. A Coordinate includes a ComponentType and Provider, and in order to determine these properly, more Package properties than just the Identifier are required.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As Package contains many irrelevant properties I would prefer if the interface would only require the relevant values to have a cleaner API. But I would be fine with looking into it after fixing the ClearlyDefinedStorage.

@sschuberth sschuberth requested review from fviernau and a team October 6, 2023 08:08
*/
fun read(id: Identifier): Result<List<ScanResult>> {
val (result, duration) = measureTimedValue { readInternal(id) }
fun read(pkg: Package): Result<List<ScanResult>> {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As Package contains many irrelevant properties I would prefer if the interface would only require the relevant values to have a cleaner API. But I would be fine with looking into it after fixing the ClearlyDefinedStorage.

@sschuberth sschuberth force-pushed the sschuberth/scan-storage-id-to-pkg branch from d48f748 to 686c9ec Compare October 6, 2023 12:20
A *package* based reader should indeed take a `Package` for all its
`read()` functions. This aligns with the existing `read()` function that
takes a `ScannerCriteria`, and it is a requirement for a proper
implementation of `ClearlyDefinedStorage` which uses coordinates with a
"provider" for lookup that can only be correctly constructed when
provenance information is available. So far the `ClearlyDefinedStorage`
hard-codes some assumptions in this regard, which will be corrected in
upcoming changes.

Signed-off-by: Sebastian Schuberth <[email protected]>
@sschuberth sschuberth force-pushed the sschuberth/scan-storage-id-to-pkg branch from 686c9ec to 5ae52c3 Compare October 6, 2023 12:31
@sschuberth
Copy link
Member Author

But I would be fine with looking into it after fixing the ClearlyDefinedStorage.

Thanks. I was considering an API like for PackageConfigurationProvider which has provenance: Provenance in addition to packageId: Identifier:

fun getPackageConfigurations(packageId: Identifier, provenance: Provenance): List<PackageConfiguration>

@sschuberth
Copy link
Member Author

@fviernau are yo also OK to merge?

@sschuberth sschuberth dismissed fviernau’s stale review October 6, 2023 16:26

Question has been answered.

@sschuberth sschuberth merged commit 1c4c0fc into main Oct 6, 2023
21 of 22 checks passed
@sschuberth sschuberth deleted the sschuberth/scan-storage-id-to-pkg branch October 6, 2023 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants