-
Notifications
You must be signed in to change notification settings - Fork 315
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(Repository): Use KnownProvenance instead of VcsInfo #8764
base: main
Are you sure you want to change the base?
feat(Repository): Use KnownProvenance instead of VcsInfo #8764
Conversation
c5852c3
to
dd222f1
Compare
plugins/reporters/freemarker/src/test/kotlin/FreeMarkerTemplateProcessorTest.kt
Fixed
Show fixed
Hide fixed
plugins/reporters/freemarker/src/test/kotlin/FreeMarkerTemplateProcessorTest.kt
Fixed
Show fixed
Hide fixed
3f1306d
to
fdf3ebb
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #8764 +/- ##
=========================================
Coverage 67.79% 67.79%
Complexity 1164 1164
=========================================
Files 243 243
Lines 7711 7711
Branches 861 861
=========================================
Hits 5228 5228
Misses 2127 2127
Partials 356 356
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
26e0a8f
to
a210a69
Compare
a210a69
to
798ac95
Compare
729a29d
to
2f69343
Compare
@@ -83,6 +83,11 @@ data class VcsInfo( | |||
* Return a [VcsInfoCurationData] with the properties from this [VcsInfo]. | |||
*/ | |||
fun toCuration() = VcsInfoCurationData(type, url, revision, path) | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Commit message nits:
- Duplicate "method" in first sentence.
- Please use passive voice, i.e. no "we", "I", "us" etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I overhauled the commit message after the changes to the commit.
EDIT: had to force push the old version, in order to see your reviews on the correct commit.
I will go through everything first before pushing any changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pushed new commits with code changes only.
I will squash them once they are reviewed and accepted.
Afterwards I will update the commit messages and force push.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just pushed the squashed commits with the overhauled messages.
model/src/main/kotlin/VcsInfo.kt
Outdated
@@ -83,6 +83,11 @@ data class VcsInfo( | |||
* Return a [VcsInfoCurationData] with the properties from this [VcsInfo]. | |||
*/ | |||
fun toCuration() = VcsInfoCurationData(type, url, revision, path) | |||
|
|||
/** | |||
* Return true if this vcs information matches the other vcs information. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/vcs/VCS/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The docs for this function require some special attention: The matching disregards the path
property (otherwise just vcsInfoA == vcsInfoB
could have been used for matching). So in a way this is a bit similar to a PackageCuration
's isApplicableDisregardingVersion()
function, and I'd name it as equalsDisregardingPath()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right, I missed that. I'll change the name and refactored any related changes accordingly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When I change the name and the doc, should the same doc changes be applied to the matches
method in RespositoryProvenance
in the next commit:
f43b5d9#diff-db17c034876de657175ab28d452f2812913baba034a764c609990260ce101751
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not necessarily. The current docs already make clear the only the normalized VCS info is compared, so I think we're good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
model/src/main/kotlin/Provenance.kt
Outdated
* provenance's normalized [VcsInfo][vcsInfo]. | ||
*/ | ||
override fun matches(other: Provenance): Boolean = | ||
other is RepositoryProvenance && other.vcsInfo.normalize().matches(vcsInfo.normalize()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this disregarding the resolvedRevision
? And if that's a mistake, why not simply use provenanveA == provenanceB
for matching Provenance
s?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was not done on purpose.
why not simply use
provenanveA == provenanceB
for matchingProvenance
s?
Because Repository
used the equalsDisregardingPath
style matches
before, and I wanted to ensure the same behavior as before. IIRC some tests would also fail with just ==
between VcsInfo
, which provenanveA == provenanceB
would imply, correct?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
which
provenanveA == provenanceB
would imply, correct?
Yes, ==
on data class
es is a "recursive equals()".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a comparison of resolvedRevision
.
model/src/main/kotlin/Provenance.kt
Outdated
@@ -80,7 +80,9 @@ data class RepositoryProvenance( | |||
val resolvedRevision: String | |||
) : KnownProvenance { | |||
init { | |||
require(resolvedRevision.isNotBlank()) { "The resolved revision must not be blank." } | |||
require(vcsInfo == VcsInfo.EMPTY || resolvedRevision.isNotBlank()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Commit message nits:
- s/vcs/VCS/
- s/git/Git/
- Odd indentation before "Both"
- Again use passive voice
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Logic-wise, I'd prefer to have the clause order swapped. Usually we require resolvedRevision.isNotBlank()
but if it is blank, the whole VcsInfo
must be empty: resolvedRevision.isNotBlank() || vcsInfo == VcsInfo.EMPTY
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- s/vcs/VCS/
vcs
is part of a test case name string. so changing the capitalization would erode the reference.
Maybe I should change the format to "fail if no vcs matches"
to make this more clear and also explicitly call them test cases?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Swapped the logic around.
@@ -42,6 +42,7 @@ import org.ossreviewtoolkit.model.AnalyzerResult | |||
import org.ossreviewtoolkit.model.AnalyzerRun | |||
import org.ossreviewtoolkit.model.OrtResult | |||
import org.ossreviewtoolkit.model.Repository | |||
import org.ossreviewtoolkit.model.RepositoryProvenance |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Commit message:
- Again use passive voice
- Typo in "generallized" -> "generalized"
- "Repository" -> "
Repository
class" (use backticks so it's clear you refer to the class name) - "accomidateing" -> "accommodating"
- "then main" -> "the main"
- "depreacted" -> "deprecated"
- "realted" -> "related"
model/src/main/kotlin/Repository.kt
Outdated
|
||
/** | ||
* The configuration of the repository, parsed from [ORT_REPO_CONFIG_FILENAME]. | ||
*/ | ||
val config: RepositoryConfiguration = RepositoryConfiguration() | ||
) { | ||
companion object { | ||
private const val DEFAULT_REVISION = "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is more "empty" than "default". And I'd simply inline it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
model/src/main/kotlin/Repository.kt
Outdated
nestedRepositories = emptyMap(), | ||
config = RepositoryConfiguration() | ||
) | ||
} | ||
|
||
fun vcs(): VcsInfo { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Alternatively, this could be a getter-property annotated with JsonIgnore
. Same below.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Let's see if the tests like me.
@@ -80,7 +80,9 @@ data class RepositoryProvenance( | |||
val resolvedRevision: String | |||
) : KnownProvenance { | |||
init { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why haven't you decided for keeping the require as-is, and make the tests construct instances with non-empty resolved revision?
I'm asking to me it seems that if repository provenance is sued, the VCS info should not be empty, because otherwise it would be an Unkown provenance, wouldn't it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are probably correct. Changing the tests¹ to use "main"
as revision instead of blank, like I did for model/src/test/kotlin/OrtResultTest.kt, might be the better way to solve the issue with the tests, than allowing blank resolvedRevision
s in RepositoryProvenance
for VcsInfo.Empty
.
However, the Analyzer also allows VcsInfo.Empty
to be passed from workingTree
to the Repository
. And with VcsInfo.Empty
workingTree
will very likely also return an empty revision. So in order to not change that behavior of the Analyzer and Repository in this case, I added this exception to RepositoryProvenance
.
I have not yet noticed any issues regarding non-Repository
uses of the RepositoryProvenance
.
Still you are bringing up some good points, maybe the Analyzer
behavior could change in this case? Then we could revert the exception to RepositoryProvenance
. We could dial this in once we handle other Provenance
s in the Analyzer
.
¹ evaluator/src/test/kotlin/TestData.kt
model/src/test/kotlin/licenses/TestData.kt
reporter/src/testFixtures/kotlin/TestData.kt
model/src/main/kotlin/Repository.kt
Outdated
|
||
/** | ||
* A map of nested repositories, for example Git submodules or Git-Repo modules. The key is the path to the | ||
* nested repository relative to the root of the main repository. | ||
*/ | ||
@JsonInclude(JsonInclude.Include.NON_EMPTY) | ||
val nestedRepositories: Map<String, VcsInfo> = emptyMap(), | ||
val nestedRepositories: Map<String, KnownProvenance> = emptyMap(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nested repositories can remain VcsInfo or alternatively repository provenance, because by definition this can only be a repository.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So Provenance
s have no hierarchy? The information required to create nestedRepositories
is only available when using Git as a VCS?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Correct, Git
and GitRepo
are the only implementors of WorkingTree.getNested()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just pushed the rebased and squashed version.
Can we have a GitHub issue which describes exactly the goal of this effort? In particular, mention explicitly in which cases we want to support local file provenance. (e.g. analyzer, scanner, scan storages, ...). I'm still worried about the added complexity of this refactoring, compared to the value it will provide, but having the goal clearly statet would at least ensure we are reviewing against the same outlined goal. |
I have started such an issue at #8803 for people to comment on. |
ca44715
to
665ab20
Compare
As was pointed out during the code review [1], there is now need to change `nestedRepositories` to support `Provenance`s, as only `git` is supported for `nestedRepositories`, which always contains `vcsInfo`. In order to reduce the amount of changes for this PR, any changes regarding `nestedRepositories` are now reverted. [1] oss-review-toolkit#8764 (comment) Signed-off-by: Jens Keim <jens.keim@forvia.com>
As was pointed out during the code review [1], there is now need to change `nestedRepositories` to support `Provenance`s, as only `git` is supported for `nestedRepositories`, which always contains `vcsInfo`. In order to reduce the amount of changes for this PR, any changes regarding `nestedRepositories` are now reverted. [1] oss-review-toolkit#8764 (comment) Signed-off-by: Jens Keim <jens.keim@forvia.com>
f32bdf5
to
ac06be1
Compare
…ath` Up until now the method `VcsInfo.matches(VcsInfo)` was only defined and used inside the `Repository` class. With shifting from `VcsInfo` to `RepositoryProvenance`, the matcher needs to be available inside of `RepositoryProvenance`. For that purpose, it gets moved into `VcsInfo` proper, in order to be available anywhere `VcsInfo` is used. It further gets a new name `equalsDisregardingPath`, since it disregards the path, when matching `VcsInfo`s. [1] [1] oss-review-toolkit@9d271b5#r1655333611 Signed-off-by: Jens Keim <jens.keim@forvia.com>
In preparation of replacing `VcsInfo` in `Repository` with `KnownProvenance`, a method to match `Provenance` against each other was added. This inherited method, allows any `Provenace` to be matched against any other. Since the type is verified to be equal before matching any attributes, it can even match against `UnknownProvenance`, no need to limit it to `KnownProvenance`. Signed-off-by: Jens Keim <jens.keim@forvia.com>
This will allow tests using `Repository` objects with `VcsInfo.EMPTY` to continue to function, even though `RepositoryProvenance` does not usually allow blank revisions. By restricting the exception to `VcsInfo.EMPTY` any other behavior of `RepositoryProvenance` should be retained. Some unrelated `OrtResultTest`s had to be given non-blank revisions: Both test cases `"fail if no vcs matches"` and `"use the correct vcs"` don't hinge on the given blank revision, so to assure they do not fail for unrelated reasons, the default Git revision "main" was added to the example repos. Signed-off-by: Jens Keim <jens.keim@forvia.com>
In order to allow source artifacts as well as local source code to be scanned, a more generalized `Repository` class is required, which allows any type of `KnownProvenance`. While the signature of the `Repository` class is set to allow any `KnownProvenance` object, this commit focuses on accommodating `RepositoryProvenance` as the main input for now. Therefore `VcsInfo` is wrapped within `RepositoryProvenance`, whenever it is used as input, and unwraped, when it is produced as output. This results in a faster update of the now deprecated code, without the necessity to support all `KnownProvenance` types from the get go. Any related tests are also updated, mostly the expected `OrtResults`, but also some `Repository` definitions and calls. To avoid having `vcs` and `vcsProcessed` appear in the `OrtResult` output, getter properties were created and marked as `@JsonIgnore`. Signed-off-by: Jens Keim <jens.keim@forvia.com>
ac06be1
to
ba2a2a2
Compare
@sschuberth @fviernau I know, you are still considering if this refactoring is the right way, but if you could find the time to review the current changes that would be great. Since most changes regard code quality and commit messages, it would be great to know if the changes know meet your standards. Not only for this PR, but also for future work. |
In order to allow source artifacts as well as local source code to be scanned, we require a more generallized Repository, which allows any type of
KnownProvenance
. While we still set the signature ofRepository
to allowKnownProvenance
s, this commit focuses on accomidateingRepositoryProvenance
as then main input for now.Therefore we wrap
VcsInfo
withRepositoryProvenance
, whenever it is used as input, and unwrap it, when it is produced as output. This gives us a quick update of the now depreacted code, without the necessity to support allKnownProvenance
types from the get go.We also update any realted tests, mostly the expected
OrtResults
, but also someRepository
definitions and calls.To avoid having
vcs
andvcsProcessed
appear in theOrtResult
output, we change them to be a method (fun) instead of a variable (val). This is still a soft refactor, to keep the widely usedvcsProcessed
available for now. We might still remove it later.Signed-off-by: Jens Keim jens.keim@forvia.com
Part of: #8803.