feat: map artifacts to commits via repo tags #508
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
oracle-contributor-agreement
bot
added
the
OCA Verified
This comment was marked as outdated.
This comment was marked as outdated.
tromai
reviewed
Oct 12, 2023
tromai
reviewed
Oct 17, 2023
tromai
reviewed
Oct 19, 2023
tromai
previously approved these changes
Oct 19, 2023
behnazh-w
reviewed
Oct 25, 2023
There was a problem hiding this comment.
Looks like for pkg:maven/com.google.guava/[email protected]?type=jar the commit finder maps the artifact to (adde55ee1f9bc7fb053183b5465f413547c198fe) which is the latest commit on master.
Can you please create tasks for the following items in the PR description?
- We should cover cases where artifact versions have suffixes that do not match tags.
- If a tag is not found, as we had discussed before, we shouldn't fall back to the latest commit. Instead, the repository should be None to fit it the current data model.
- Since we have a commit mapping feature, we shouldn't need to pin tests in the integration tests to a commit anymore. Just passing the purl should be enough. So, we can probably remove at least some of the -c config.yaml runs in the integration tests with purl
Here is one dependency from apache_maven_root_sbom.json which we use in our integration tests that is also mapped to the latest commit: pkg:maven/org.junit.jupiter/[email protected]?type=jar
This was referenced Oct 26, 2023
benmss
force-pushed
the
430-artifact-to-commit-mapping
branch
from
f7259eb to
f833fff
Compare
nathanwn
reviewed
Nov 1, 2023
nathanwn
reviewed
Nov 1, 2023
nathanwn
reviewed
Nov 1, 2023
nathanwn
reviewed
Nov 1, 2023
nathanwn
reviewed
Nov 2, 2023
nathanwn
reviewed
Nov 2, 2023
nathanwn
reviewed
Nov 2, 2023
nathanwn
reviewed
Nov 2, 2023
nathanwn
reviewed
Nov 2, 2023
nathanwn
reviewed
Nov 3, 2023
nathanwn
reviewed
Nov 3, 2023
nathanwn
reviewed
Nov 3, 2023
nathanwn
reviewed
Nov 3, 2023
nathanwn
reviewed
Nov 3, 2023
nathanwn
reviewed
Nov 3, 2023
nathanwn
reviewed
Nov 3, 2023
…on of string; simplify last array item lookup and string prefix removal; fix failed string replacement Signed-off-by: Ben Selwyn-Smith <[email protected]>
…e commit finder tests to new file Signed-off-by: Ben Selwyn-Smith <[email protected]>
…t of loop and extended to safely support three extensions Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
… comments Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
…tains a version-like part Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
…commit finder unit testing Signed-off-by: Ben Selwyn-Smith <[email protected]>
…try/except in test Signed-off-by: Ben Selwyn-Smith <[email protected]>
…tern; allow exact artefact name as a valid prefix Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
…ved surplus check from commit finder test Signed-off-by: Ben Selwyn-Smith <[email protected]>
…ge; update e2e test file path; extract purl type check into standalone function and add unit test Signed-off-by: Ben Selwyn-Smith <[email protected]>
…ogic Signed-off-by: Ben Selwyn-Smith <[email protected]>
benmss
force-pushed
the
430-artifact-to-commit-mapping
branch
from
bf9bcb7 to
c27bd35
Compare
nathanwn
reviewed
Nov 30, 2023
nathanwn
reviewed
Nov 30, 2023
…re suitable location Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
nathanwn
approved these changes
Dec 7, 2023
Signed-off-by: Ben Selwyn-Smith <[email protected]>
behnazh-w
approved these changes
Dec 17, 2023
8 tasks
art1f1c3R
pushed a commit
that referenced
this pull request
Nov 29, 2024
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This feature allows artifacts with a specified version to be mapped to the repository commit they were created from.
The mapping is achieved through use of repository tags, where these tags match the specified version sufficiently.
Tag to version comparisons are performed using regular expression.
Tags are expected to be of the format (with allowances for extra characters):
[<artifact_name>-]<version>artifact_nameis an optional prefix that matches the name of the related artifact, e.g. "commons-io".<version>is a string of some number of alphanumeric characters that can be (multi-) separated by any number of non-numeric characters.Examples of accepted tag versions:
v1.2.31_2_31.2.3-DEV1.2.3.RELEASEr1rv231.2.3.v123123Further changes to this PR are in progress: