
feat: replace lockfile detection with phylum status #322

Merged
merged 9 commits into from
Oct 6, 2023

Conversation

maxrake (Contributor) commented Oct 4, 2023

The changes here are centered around using phylum status for
project and dependency file information. The phylum status command for
printing project and lockfile details was added in CLI v5.1.0 but the
fix to search for manifests' lockfiles in parent, rather than child
directories was added in CLI v5.6.0, making this the new minimum CLI
version required for new and existing installs.

Now that both lockfiles and manifests are supported, the "lockfile"
language has been changed to the more general term "dependency file"
where it is externally visible (e.g., log and help output) but kept as
"lockfile" internally (e.g., code/variable names).

Actions taken include:

  • Use phylum status for common tasks instead of custom code to
    • look for dependency files in .phylum_project
    • detect the dependency files present
    • acquire the initial project file backup
  • Downgrade the minimum CLI version required for new/existing installs
  • Remove the straddling code for phylum analyze command usage
    • No longer needed now that the minimum CLI version is > v5.3.1-rc1
  • Remove the CINone implementation prerequisite
    • Needing to run from the root of a git repository is no longer true
  • Provide warning message when attempting to create a Phylum project
    outside the top-level of a git repository
  • Remove 'pathspec' as primary dependency and update dependencies
  • Refresh the Phylum project by running phylum init with latest CLI
  • Update externally visible lockfile language throughout
    • Use dependency file instead, to represent lockfiles and manifests
  • Format and refactor throughout
    • Improve log messages
    • Change default image and fix typos in scripts/docker_test.sh

Closes #244

Checklist

  • Does this PR have an associated issue (i.e., closes #<issueNum> in description above)?
  • Have you ensured that you have met the expected acceptance criteria?
  • Have you created sufficient tests?
    • Manual testing only
  • Have you updated all affected documentation?

Testing

Changes from this PR have been built in a Docker image and hosted on Docker Hub for my account, as the lockfile_detection tag.

Local testing has been performed for a variety of scenarios. Screenshots are coming...

It is still not clear what to do for the situations where dependency files require more context for lockfile generation than just the previous/base version of that same file. For example, a provided manifest file that is part of a larger workspace may require a full checkout of the previous version of that file in order to have the directory structure available for determining where the generated lockfile goes...and then what it contains.
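As an added example (not phylum-ci's own code, nor the Phylum CLI's), the shape of the approach the description outlines: gate on the minimum CLI version the PR names (v5.6.0, with pre-release tags such as v5.3.1-rc1 ordered below the matching release), then let `phylum status --json` report the project root and dependency files instead of scanning the tree with custom code. The `--json` flag, the form of the `phylum --version` output, the JSON keys (`root`, `dependency_files` with `path` and `type`) and the sample JSON embedded below are assumptions, not taken from this page.

```python
"""Added example (not phylum-ci's or the Phylum CLI's code).

Gate on the minimum CLI version named in the PR (v5.6.0), then let
`phylum status --json` report the project root and dependency files
rather than scanning the tree with custom code.  The `--json` flag, the
`phylum --version` output form and the JSON keys are ASSUMPTIONS.
"""
import json
import re
import shutil
import subprocess
from dataclasses import dataclass
from pathlib import Path

# Minimum CLI version the PR description names for new and existing installs.
MIN_CLI_VERSION = (5, 6, 0)

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?")


def parse_cli_version(text: str) -> tuple:
    """Turn e.g. 'phylum 5.3.1-rc1' into a comparable tuple.

    A final release sorts after any pre-release of the same number, so
    5.3.1-rc1 < 5.3.1 (the ordering SemVer specifies).  Pre-release tags
    are compared as plain strings, which is enough for 'rcN' style tags.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    pre = m.group(4)
    return (major, minor, patch, 1 if pre is None else 0, pre or "")


def meets_minimum(version_text: str, minimum: tuple = MIN_CLI_VERSION) -> bool:
    """True when the installed CLI is at least `minimum` (a final release)."""
    return parse_cli_version(version_text) >= (*minimum, 1, "")


@dataclass(frozen=True)
class DependencyFile:
    path: Path   # absolute path, resolved against the project root
    type: str    # ecosystem/format name as reported by the CLI


# Constructed sample of the ASSUMED `phylum status --json` shape.
SAMPLE_STATUS_JSON = json.dumps({
    "id": "00000000-0000-0000-0000-000000000000",
    "name": "example-project",
    "root": "/work/example",
    "dependency_files": [
        {"path": "poetry.lock", "type": "poetry"},
        {"path": "web/package-lock.json", "type": "npm"},
    ],
})


def parse_status(text: str) -> list[DependencyFile]:
    """Extract the dependency files from `phylum status --json` output."""
    data = json.loads(text)
    root = Path(data.get("root", "."))
    return [
        DependencyFile(path=root / entry["path"], type=entry["type"])
        for entry in data.get("dependency_files", [])
    ]


def run_status(cwd: Path) -> list[DependencyFile]:
    """Check the CLI version, then ask it which dependency files the project declares.

    A non-zero exit (e.g. no `.phylum_project` in `cwd` or any parent) is
    treated as "no project here" rather than a crash, so callers can warn
    and skip instead of inventing a file list themselves.
    """
    cli = shutil.which("phylum")
    if cli is None:
        raise RuntimeError("phylum CLI not found on PATH")
    version = subprocess.run([cli, "--version"], capture_output=True, text=True, check=True).stdout
    if not meets_minimum(version):
        raise RuntimeError(f"phylum CLI {version.strip()!r} is older than the required v5.6.0")
    proc = subprocess.run([cli, "status", "--json"], cwd=cwd, capture_output=True, text=True)
    if proc.returncode != 0:
        return []
    return parse_status(proc.stdout)


if __name__ == "__main__":
    for dep_file in run_status(Path.cwd()):
        print(f"{dep_file.type:10} {dep_file.path}")
```

The parsing and version-gating functions run offline against the constructed sample; only `run_status` shells out to the CLI. Treating a failed `phylum status` as "no project" mirrors the PR's move away from custom detection: the integration warns and stops rather than guessing which files to analyze.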

The changes here are centered around the use of `phylum status` for
project and dependency file information. The `phylum status` command for
printing project and lockfile details was added in CLI v5.1.0 but the
fix to search for manifests' lockfiles in parent, rather than child
directories was added in CLI v5.6.0, making this the new minimum CLI
version required for new and existing installs.

Now that both lockfiles and manifests are supported, the "lockfile"
language has been changed to the more general term "dependency file"
where it is externally visible (e.g., log and help output) but kept as
"lockfile" internally (e.g., code/variable names).

It is still not clear what to do for the situations where dependency
files require more context for lockfile generation than just the
previous/base version of that same file.

Actions taken include:

* Use `phylum status` for common tasks instead of custom code to
  * look for dependency files in `.phylum_project`
  * detect the dependency files present
  * acquire the initial project file backup
* Downgrade the minimum CLI version required for new/existing installs
* Remove the straddling code for `phylum analyze` command usage
  * No longer needed now that the minimum CLI version is > v5.3.1-rc1
* Remove the CINone prerequisite
  * Needing to run from the root of a git repository is no longer true
* Provide warning message when attempting to create a Phylum project
  outside the top-level of a `git` repository
* Update externally visible `lockfile` language throughout
  * Use `dependency file` instead, to represent lockfiles and manifests
* Format and refactor throughout
  * Improve log messages

Closes #244
@maxrake maxrake requested a review from a team as a code owner October 4, 2023 17:57
@maxrake maxrake self-assigned this Oct 4, 2023
@maxrake maxrake requested a review from cd-work October 4, 2023 17:57
github-actions bot commented Oct 4, 2023

Phylum OSS Supply Chain Risk Analysis - SUCCESS

The Phylum risk analysis is complete and has passed the active policy.

View this project in the Phylum UI

Review threads (all resolved): pyproject.toml; src/phylum/ci/ci_base.py (2); src/phylum/ci/ci_none.py; src/phylum/ci/lockfile.py (2, one marked outdated)
@maxrake maxrake requested a review from cd-work October 5, 2023 23:29
@maxrake maxrake merged commit 224e3a6 into main Oct 6, 2023
@maxrake maxrake deleted the lockfile_detection branch October 6, 2023 18:44
Successfully merging this pull request may close these issues.

Replace lockfile detection with phylum status