Skip to content

[ISV-5787] Remove child digests from externalRefs #269

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chmeliik merged 2 commits into from
Apr 3, 2025
Merged

[ISV-5787] Remove child digests from externalRefs #269

chmeliik merged 2 commits into from
Apr 3, 2025

Conversation

@mavaras
Copy link
Contributor

@mavaras mavaras commented Mar 28, 2025
edited
Loading

The build-time index SBOM creation script does not create index image SBOMs as per guidelines (the externalRefs should only contain purls with versions pointing to the index image, not the child digests).

  • Updates build-time index SBOM creation script
  • Udpates tests accordingly

@mavaras mavaras requested a review from a team as a code owner March 28, 2025 17:46
@mavaras
Copy link
Contributor Author

mavaras commented Mar 28, 2025

@jedinym please take a look. Thanks

BorekZnovustvoritel
BorekZnovustvoritel reviewed Mar 31, 2025
View reviewed changes
sbom-utility-scripts/scripts/index-image-sbom-script/index_image_sbom_script.py Outdated
_, val = self.digest.split(":")
return val

def purls(self, index_digest: Optional[str] = None) -> list[str]:
Copy link
Contributor

@BorekZnovustvoritel BorekZnovustvoritel Mar 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: I think this argument should no longer be Optional with a default value.

Suggested change
def purls(self, index_digest: Optional[str] = None) -> list[str]:
def purls(self, index_digest: str) -> list[str]:

Copy link
Contributor Author

@mavaras mavaras Mar 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR updated

Copy link
Collaborator

@chmeliik chmeliik Apr 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call on making it non-Optional. When I checkout the PR locally, my editor reports type errors which seem like potentially genuine bugs. Will comment inline

@jedinym
Copy link

jedinym commented Mar 31, 2025

@BorekZnovustvoritel What is the process on getting this into usage? Do we need to merge and wait for the image to be built, then change the digest in build-definitions?

@BorekZnovustvoritel
Copy link
Contributor

BorekZnovustvoritel commented Mar 31, 2025

@BorekZnovustvoritel What is the process on getting this into usage? Do we need to merge and wait for the image to be built, then change the digest in build-definitions?

Yes, I think so. Refer to this PR

BorekZnovustvoritel
BorekZnovustvoritel approved these changes Mar 31, 2025
View reviewed changes
Copy link
Contributor

@BorekZnovustvoritel BorekZnovustvoritel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, this should work fine.

chmeliik
chmeliik reviewed Apr 1, 2025
View reviewed changes
Copy link
Collaborator

@chmeliik chmeliik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mavaras could you please update the commit message(s) to explain what is being done and why? I have no context for this

@mavaras mavaras force-pushed the ISV-5787 branch 3 times, most recently from 3189c1e to e2531b6 Compare April 1, 2025 07:35
@mavaras mavaras requested a review from chmeliik April 1, 2025 13:16
chmeliik
chmeliik reviewed Apr 2, 2025
View reviewed changes
jedinym
jedinym reviewed Apr 2, 2025
View reviewed changes
sbom-utility-scripts/scripts/index-image-sbom-script/index_image_sbom_script.py Outdated
Comment on lines 58 to 70
def purls(self) -> list[str]:
qualifiers = {"repository_url": self.repository}
if self.arch is not None:
qualifiers["arch"] = self.arch

purl = PackageURL(
type="oci",
name=self.name,
version=self.digest,
qualifiers=qualifiers,
).to_string()

return [purl]
Copy link

@jedinym jedinym Apr 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function always returns a single value, let's ditch the list.

Copy link
Contributor Author

@mavaras mavaras Apr 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR updated

jedinym
jedinym approved these changes Apr 2, 2025
View reviewed changes
Copy link

@jedinym jedinym left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

chmeliik
chmeliik reviewed Apr 2, 2025
View reviewed changes
Copy link
Collaborator

@chmeliik chmeliik left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tests failed, PTAL. I think that we're currently using the arch-specific digests instead of the index image digests as intended

Btw, you can run tests with tox locally

@mavaras
Copy link
Contributor Author

mavaras commented Apr 2, 2025

Tests failed, PTAL. I think that we're currently using the arch-specific digests instead of the index image digests as intended

Btw, you can run tests with tox locally

Tests updated. Passing locally

@chmeliik
Copy link
Collaborator

chmeliik commented Apr 2, 2025

Tests updated. Passing locally

Ah, I think it was the script code that needed an update, not the tests. Now, the test data has different digests in the purl for the SPDXRef-image-index and in the child image purls, but the digests should be the same

@mavaras
[ISV-5787] Remove child digests from externalRefs
2884148 
- Updates build-time index SBOM creation script
- Udpates tests accordingly
@mavaras mavaras requested a review from chmeliik April 3, 2025 07:40
@chmeliik
Copy link
Collaborator

chmeliik commented Apr 3, 2025

/ok-to-test

@jedinym
Copy link

jedinym commented Apr 3, 2025

LGTM

@chmeliik
Copy link
Collaborator

chmeliik commented Apr 3, 2025

/retest

@chmeliik
Copy link
Collaborator

chmeliik commented Apr 3, 2025

/ok-to-test

@chmeliik
Copy link
Collaborator

chmeliik commented Apr 3, 2025

quay.io is not too stable these days, huh

/retest

@jedinym
Copy link

jedinym commented Apr 3, 2025

another 502
/retest

@chmeliik chmeliik merged commit 93661cf into konflux-ci:main Apr 3, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jedinym jedinym jedinym approved these changes

@chmeliik chmeliik chmeliik approved these changes

@BorekZnovustvoritel BorekZnovustvoritel BorekZnovustvoritel approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mavaras @jedinym @BorekZnovustvoritel @chmeliik