Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-design the representation of an analysis target in Macaron #465

Open
tromai opened this issue Sep 8, 2023 · 0 comments
Open

Re-design the representation of an analysis target in Macaron #465

tromai opened this issue Sep 8, 2023 · 0 comments
Assignees
@tromai
Milestone
Change the data m...

Comments

@tromai
Copy link
Member

tromai commented Sep 8, 2023

Previously, an analysis target in Macaron is represented in the Configuration class. Each instance of this class contains the necessary information for Macaron to run the analysis on a target:

  • Repository path
  • The branch name
  • The commit

In our new data model (in this PR), we are moving on to uniquely defining each analysis target using a PURL and the source definition (repo-path, branch and digest) is optional for each analysis target. It is obvious that we need to improve the old Configuration class to match with this new model.

In this PR, initial support for using PURL as the unique ID is implemented. However, after merging, we noticed 2 problems:

  1. We didn't adding PURL to the schema for the YAML input file (provided from --config-path). The reason was documented in this Github issue.
  2. The intermediate representation of an analysis target AnalysisTarget that I added into our code base because of known limitation in the Configuration class (I added it to support with type restrictions and value validation). However, this AnalysisTarget again add another layer of abstraction and duplicate some values already exist in the Configuration class.

These two problems cannot be solved in isolated because that inconsistency arises due to AnalysisTarget being the new, purl-based way of doing things, and Configuration being the old, non-purl-based way of doing things, and the transition of Macaron to be purl-based is incomplete, such that Configuration cannot simply be removed because another feature depends on it (see this comment).

In order to resolve these two problems, there are these prerequisites:

  • The ability to map between a PURL to the source definition (repository@commit). This ability should be within the repository finder.
  • The ability to provide a custom mappings between the PURL and source definition (which could then replace the functionality in the existing YAML input for the integration tests).
  • The ability to only checkout a commit without requiring a branch name (this is because the PURL usually don't contain the branch information but only the commit digest, in additions, the repo finder should only find the specific commit that belongs to an artifact).

After that, these two problems could then be resolved completely.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tromai tromai

Labels
None yet
Projects
None yet
Milestone
Change the data model to allow analys...
Development

No branches or pull requests
1 participant
@tromai