
fix: sort sbom packages by PURL #1288

Merged
merged 1 commit into from
Oct 3, 2024

Conversation

G-Rath (Collaborator) commented Sep 30, 2024

This both ensures the output is consistent for tests and, I think, is better for readability, as it means packages end up grouped by their ecosystem.

codecov-commenter commented Sep 30, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.53%. Comparing base (a20e520) to head (67d190b).

@@            Coverage Diff             @@
##             main    #1288      +/-   ##
==========================================
- Coverage   68.53%   68.53%   -0.01%     
==========================================
  Files         175      175              
  Lines       16804    16807       +3     
==========================================
+ Hits        11516    11518       +2     
- Misses       4661     4662       +1     
  Partials      627      627              


G-Rath (Collaborator, Author) commented Sep 30, 2024

As part of doing this I looked into trying to ensure everything is sorted as part of output processing, but I found:

  1. it didn't seem to change the output order for the sbom path
  2. it would have been too late for things like config override processing

In hindsight, it's probably overall better to try and avoid as much sorting as possible in output to avoid "oversorting"? I.e., ideally packages and the like should get sorted ASAP before being handed off by their constructing functions.

@another-rex another-rex merged commit cec1fa4 into google:main Oct 3, 2024
14 checks passed
@another-rex another-rex deleted the fix/sort-output branch October 3, 2024 06:29
another-rex pushed a commit that referenced this pull request Oct 17, 2024
While from what I understand duplicates should not be possible in a
valid SBOM, apparently they happen and it's useful for us to report +
skip them.

Since doing this efficiently requires use of a map we in turn have to
sort the packages to ensure a consistent output order, leading to me
discovering that we're not already sorting the packages - I've opened
#1288 to land that change first.

Resolves #330
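The two points raised above, that deduplicating through a map loses ordering and that sorting by PURL both restores determinism and groups packages by ecosystem, shown as an added Go example (not osv-scanner's own code). The `Package` type and `DedupAndSortByPURL` function are hypothetical stand-ins; the SBOM entries are constructed sample input.

```go
package main

import (
	"fmt"
	"sort"
)

// Package is a minimal stand-in for an SBOM package entry (hypothetical type,
// not osv-scanner's). PURL is the package-url, e.g. "pkg:npm/lodash@4.17.21".
type Package struct {
	Name string
	PURL string
}

// DedupAndSortByPURL skips packages whose PURL was already seen and returns
// the survivors sorted by PURL plus the duplicates it skipped. Collecting
// through a map makes iteration order random, so the sort is what makes the
// output deterministic; because a PURL starts with "pkg:<type>/", sorting by
// it also groups packages by ecosystem.
func DedupAndSortByPURL(pkgs []Package) (unique []Package, dupes []string) {
	seen := make(map[string]Package, len(pkgs))
	for _, p := range pkgs {
		if _, ok := seen[p.PURL]; ok {
			dupes = append(dupes, p.PURL) // report + skip, as the commit message puts it
			continue
		}
		seen[p.PURL] = p
	}
	for _, p := range seen { // map iteration order is unspecified
		unique = append(unique, p)
	}
	sort.Slice(unique, func(i, j int) bool { return unique[i].PURL < unique[j].PURL })
	return unique, dupes
}

func main() {
	// Constructed sample input: two ecosystems interleaved, one duplicate PURL.
	sbom := []Package{
		{"requests", "pkg:pypi/requests@2.32.3"},
		{"lodash", "pkg:npm/lodash@4.17.21"},
		{"urllib3", "pkg:pypi/urllib3@2.2.2"},
		{"lodash", "pkg:npm/lodash@4.17.21"}, // duplicate entry
		{"express", "pkg:npm/express@4.19.2"},
	}
	unique, dupes := DedupAndSortByPURL(sbom)
	for _, p := range unique {
		fmt.Println(p.PURL) // npm entries come out first, then pypi
	}
	fmt.Println("skipped duplicates:", dupes)
}
```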