feat: add "path:" syntax for syft tool by spiffcs · Pull Request #115 · anchore/yardstick · GitHub

feat: add "path:" syntax for syft tool #115


Merged
merged 5 commits into from
Aug 16, 2023

spiffcs (Contributor) commented Aug 16, 2023

Summary

Similar to #111 - Adds the ability to install syft from local path.

When making updates to the SBOM that grype consumes it's important to allow local development on syft so that developers can test their changes E2E before submitting major changes to things that might affect matching logic such as PURL/CPE.

This change allows developers to use a build based on their local syft to experiment with different SBOM changes.

New Config Example that uses local syft changes against changes in grype and the stable latest

result-sets:
  example:
    description: "latest released grype vs grype from the current build"
    matrix:
      images: *images
      tools:
        - name: syft
          # note: we want to use a fixed version of syft for capturing all results (NOT "latest")
          version: path:/Users/me/development/syft
          produces: SBOM
          refresh: false

        - name: grype
          # for local build of grype, use for example:
          version: path:/Users/me/development/grype
          takes: SBOM

        - name: grype
          version: latest
          takes: SBOM

How it's shown in results:

0d1799c89-63c6-4290-81bc-7e89cc2b3b9a  docker.io/anchore/test_images@sha256:10008791acbc5866de04108746a02a0c4029ce3a4400a9b3dad45d7f2245f9da           syft@path:/Users/hal/GolandProjects/syft    2023-08-16 17:38:40.589609+00:00

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
if not path:
path = tempfile.mkdtemp()
atexit.register(shutil.rmtree, path)
dest_path = os.path.join(path.replace("path:", ""), build_version, "local_install")
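Review bot: `path.replace("path:", "")` in the `dest_path` line removes every occurrence of "path:" in the string, not only a leading prefix, so a store directory whose name happens to contain that text would be silently rewritten. Consider stripping the prefix once, where the version string is parsed (for example with `str.removeprefix`), and passing the clean value in. When `path` comes from `tempfile.mkdtemp()` the replace is a no-op, so a short comment saying which caller passes a "path:"-prefixed value would help.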
Contributor

In the grype implementation, I wish I'd handled relative paths differently here.

This can end up with a path like: /Users/willmurphy/work/grype1373/test/quality/.yardstick/tools/grype/.._.._/v0.65.1-14-g8693d1f-dirty-72aef183 and I wish the .._.._ fragment looked better, but I'm not sure it matters. I wish it didn't start with a . because I don't like hidden files.

Contributor Author

Let me see if I can just remove that fragment altogether

Contributor Author

I've tried to find a reasonable way around this and can't find a good way to dispose of that fragment yet. Do you mind if we punt on this comment and I'll come back and follow up with a separate PR when I have more cycles?
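One way to name the store directory for a `path:` version so that a relative source such as `../../` yields neither a `.._.._` fragment nor a hidden directory. This is an added example, not yardstick's code; `parse_version`, `store_dir_name`, `dest_path` and the sample paths are hypothetical.

```python
import hashlib
import os
import re

PATH_PREFIX = "path:"


def parse_version(version: str):
    """Return (kind, value); only a leading 'path:' marks a local source."""
    if version.startswith(PATH_PREFIX):
        return "path", version[len(PATH_PREFIX):]
    return "release", version


def store_dir_name(src_path: str, cwd: str) -> str:
    """Stable directory name for a source path: no separators, no leading dot."""
    expanded = os.path.expanduser(src_path)
    # Resolve relative segments against the working directory first, so
    # '../../' and the absolute path it points at share one name.
    resolved = os.path.normpath(os.path.join(cwd, expanded))
    base = os.path.basename(resolved)
    label = re.sub(r"[^A-Za-z0-9_-]+", "_", base).strip("_") or "root"
    # A short digest keeps two checkouts with the same basename apart.
    digest = hashlib.sha256(resolved.encode()).hexdigest()[:8]
    return f"local-{label}-{digest}"


def dest_path(store_root: str, version: str, build_version: str, cwd: str) -> str:
    """Build <store>/<name>/<build_version>/local_install and keep it inside the store."""
    kind, value = parse_version(version)
    if kind != "path":
        raise ValueError(f"not a path: version: {version!r}")
    name = store_dir_name(value, cwd)
    dest = os.path.join(store_root, name, build_version, "local_install")
    # build_version comes from the source repo; reject values that would
    # move the install outside the tool store.
    root = os.path.realpath(store_root)
    if os.path.commonpath([root, os.path.realpath(dest)]) != root:
        raise ValueError("destination escapes the tool store")
    return dest


if __name__ == "__main__":
    # Constructed sample values.
    print(dest_path("/tmp/store/grype", "path:../../", "v0.0.0-dirty",
                    "/work/grype/test/quality"))
```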

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
spiffcs force-pushed the allow-syft-from-local branch from c008487 to 926f7b4 August 16, 2023 19:30
spiffcs merged commit d88e147 into main Aug 16, 2023
spiffcs deleted the allow-syft-from-local branch August 16, 2023 19:44