Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add test to ensure package metadata is represented in the JSON schema #1841

Merged
merged 7 commits into from
May 25, 2023

Conversation

wagoodman
Copy link
Contributor

Today we generate our JSON schema from our go types. We create a single ArtifactMetadataContainer type in the schema/json package that has all github.com/anchore/syft/pkg.*Metadata structs defined on it, and use this type to infer what can be expressed in the pkg.Package.Metadata field. This approach has worked well, but there is one shortcoming: when a new type is added someone needs to remember to add this type to the ArtifactMetadataContainer type.

This PR improves this some by adding a unit test that will fail when there is a new type that appears to be a metadata type within the pkg package that is not represented on ArtifactMetadataContainer.

Screenshot 2023-05-23 at 3 48 13 PM

Additionally, the generate-json-schema make target has been updated to generate the ArtifactMetadataContainer struct based on the latest analysis of the source code in the pkg package.

Screenshot 2023-05-23 at 3 54 42 PM

All of this will help ensure that we are not introducing data shape changes without updating the schema and are hyper aware of any breaking changes occurring to the schema within the PR making that change.

wagoodman added 5 commits May 22, 2023 12:38
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman wagoodman added this to the Stabilize user surfaces milestone May 23, 2023
@wagoodman wagoodman requested a review from a team May 23, 2023 19:56
@wagoodman wagoodman self-assigned this May 23, 2023
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@github-actions
Copy link

github-actions bot commented May 23, 2023

Benchmark Test Results

Benchmark results from the latest changes vs base branch
goos: linux%0Agoarch: amd64%0Apkg: github.com/anchore/syft/test/integration%0Acpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz%0A                                                          │ ./.tmp/benchmark-8c31f70.txt │%0A                                                          │            sec/op            │%0AImagePackageCatalogers/alpmdb-cataloger-2                                   11.87m ±  1%25%0AImagePackageCatalogers/apkdb-cataloger-2                                    680.3µ ±  1%25%0AImagePackageCatalogers/binary-cataloger-2                                   203.3µ ±  2%25%0AImagePackageCatalogers/dpkgdb-cataloger-2                                   540.0µ ±  2%25%0AImagePackageCatalogers/dotnet-deps-cataloger-2                              1.205m ±  4%25%0AImagePackageCatalogers/go-module-binary-cataloger-2                         93.04µ ± 13%25%0AImagePackageCatalogers/java-cataloger-2                                     13.09m ±  4%25%0AImagePackageCatalogers/graalvm-native-image-cataloger-2                     91.08µ ±  1%25%0AImagePackageCatalogers/javascript-package-cataloger-2                       365.6µ ±  0%25%0AImagePackageCatalogers/nix-store-cataloger-2                                245.2µ ±  1%25%0AImagePackageCatalogers/php-composer-installed-cataloger-2                   726.3µ ±  0%25%0AImagePackageCatalogers/portage-cataloger-2                                  406.3µ ±  0%25%0AImagePackageCatalogers/python-package-cataloger-2                           3.117m ±  1%25%0AImagePackageCatalogers/r-package-cataloger-2                                176.6µ ±  1%25%0AImagePackageCatalogers/rpm-db-cataloger-2                                   462.4µ ±  1%25%0AImagePackageCatalogers/ruby-gemspec-cataloger-2                             842.6µ ±  1%25%0AImagePackageCatalogers/sbom-cataloger-2                                     117.9µ ±  0%25%0Ageomean                                                                     573.8µ%0A%0A                                                          │ ./.tmp/benchmark-8c31f70.txt │%0A                                                          │             B/op             │%0AImagePackageCatalogers/alpmdb-cataloger-2                                   5.127Mi ± 0%25%0AImagePackageCatalogers/apkdb-cataloger-2                                    204.9Ki ± 0%25%0AImagePackageCatalogers/binary-cataloger-2                                   30.29Ki ± 0%25%0AImagePackageCatalogers/dpkgdb-cataloger-2                                   168.8Ki ± 0%25%0AImagePackageCatalogers/dotnet-deps-cataloger-2                              404.1Ki ± 0%25%0AImagePackageCatalogers/go-module-binary-cataloger-2                         9.906Ki ± 0%25%0AImagePackageCatalogers/java-cataloger-2                                     2.826Mi ± 0%25%0AImagePackageCatalogers/graalvm-native-image-cataloger-2                     8.594Ki ± 0%25%0AImagePackageCatalogers/javascript-package-cataloger-2                       101.1Ki ± 0%25%0AImagePackageCatalogers/nix-store-cataloger-2                                49.13Ki ± 0%25%0AImagePackageCatalogers/php-composer-installed-cataloger-2                   186.4Ki ± 0%25%0AImagePackageCatalogers/portage-cataloger-2                                  120.0Ki ± 0%25%0AImagePackageCatalogers/python-package-cataloger-2                           1.003Mi ± 0%25%0AImagePackageCatalogers/r-package-cataloger-2                                53.30Ki ± 0%25%0AImagePackageCatalogers/rpm-db-cataloger-2                                   181.2Ki ± 0%25%0AImagePackageCatalogers/ruby-gemspec-cataloger-2                             144.2Ki ± 0%25%0AImagePackageCatalogers/sbom-cataloger-2                                     14.21Ki ± 0%25%0Ageomean                                                                     132.8Ki%0A%0A                                                          │ ./.tmp/benchmark-8c31f70.txt │%0A                                                          │          allocs/op           │%0AImagePackageCatalogers/alpmdb-cataloger-2                                    87.75k ± 0%25%0AImagePackageCatalogers/apkdb-cataloger-2                                     4.182k ± 0%25%0AImagePackageCatalogers/binary-cataloger-2                                     830.0 ± 0%25%0AImagePackageCatalogers/dpkgdb-cataloger-2                                    3.000k ± 0%25%0AImagePackageCatalogers/dotnet-deps-cataloger-2                               6.338k ± 0%25%0AImagePackageCatalogers/go-module-binary-cataloger-2                           281.0 ± 0%25%0AImagePackageCatalogers/java-cataloger-2                                      39.81k ± 0%25%0AImagePackageCatalogers/graalvm-native-image-cataloger-2                       228.0 ± 0%25%0AImagePackageCatalogers/javascript-package-cataloger-2                        1.405k ± 0%25%0AImagePackageCatalogers/nix-store-cataloger-2                                  895.0 ± 0%25%0AImagePackageCatalogers/php-composer-installed-cataloger-2                    4.079k ± 0%25%0AImagePackageCatalogers/portage-cataloger-2                                   2.269k ± 0%25%0AImagePackageCatalogers/python-package-cataloger-2                            16.44k ± 0%25%0AImagePackageCatalogers/r-package-cataloger-2                                  929.0 ± 0%25%0AImagePackageCatalogers/rpm-db-cataloger-2                                    3.989k ± 0%25%0AImagePackageCatalogers/ruby-gemspec-cataloger-2                              2.447k ± 0%25%0AImagePackageCatalogers/sbom-cataloger-2                                       394.0 ± 0%25%0Ageomean                                                                      2.582k

Comment on lines +21 to +31
func AllSyftMetadataTypeNames() ([]string, error) {
root, err := repoRoot()
if err != nil {
return nil, err
}
files, err := filepath.Glob(filepath.Join(root, "syft/pkg/*.go"))
if err != nil {
return nil, err
}
return findMetadataDefinitionNames(files...)
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is some related data here, could you use any of these exported lists? These need to be kept up to date, used when decoding CDX.

Copy link
Contributor Author

@wagoodman wagoodman May 23, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought about using these, but the pkg.MetadataType will be something that is removed closer to syft 1.0 #1735 which means this map would be a format-only concern. So instead I leaned towards the current ast approach, which has the added benefit of not needing to remember to add it to a central list/map, in which case the PR protection would be a little more brittle.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, but the list of all metadata types is something needed by the Syft format decoder once the pkg.MetadataType goes away, which is specifically a concern with the Syft schema, is it not?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see -- that is, we should have a single source of truth for these sets. I'll try to account for that in this PR (warning, the scope will creep a bit, but I think it's warranted).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still agree with trying to get down to a single source of truth, however, I feel that is better tackled in #1735 and #1844 since there are naming inconsistencies and decoding considerations to make here. Additionally, this PR doesn't add another source of truth, this container struct being created exists today and is now being generated. Hopefully with the other two issues they can expand on this generation to include more things.

@wagoodman wagoodman added the json Regarding JSON output label May 23, 2023
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
@wagoodman wagoodman merged commit 74013d7 into main May 25, 2023
@wagoodman wagoodman deleted the reflect-metadata-schema branch May 25, 2023 17:26
spiffcs added a commit that referenced this pull request Jun 5, 2023
* main: (21 commits)
  chore(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#1862)
  chore(deps): bump modernc.org/sqlite from 1.22.1 to 1.23.0 (#1863)
  feat: source-version flag (#1859)
  chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#1851)
  accept main.version ldflags even without vcs (#1855)
  feat: add scope to pom properties (#1779)
  chore(deps): bump github.com/stretchr/testify from 1.8.3 to 1.8.4 (#1852)
  chore(deps): bump github.com/docker/docker (#1849)
  Add test to ensure package metadata is represented in the JSON schema (#1841)
  Fix directory resolver to consider CWD and root path input correctly (#1840)
  Migrate location-related structs to the file package (#1751)
  chore(deps): bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#1843)
  fix: add panic recovery for license parse (#1839)
  chore: return both failures when failed to retrieve an image with a scheme (#1801)
  Extract go module versions from ldflags for binaries built by go (#1832)
  fix: duplicate packages, support pnpm lockfile v6 (#1778)
  chore(deps): update stereoscope to e14bc4437b2eac481c5b6f101890b22df4f33596 (#1834)
  chore(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 (#1829)
  chore(deps): bump github.com/docker/docker (#1833)
  Keep original FileInfo persisted on file.Metadata structs (#1794)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
…anchore#1841)

* [wip] try to reflect metadata types... probably wont work

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* refactor to add unit test to ensure there is coverage in the schema

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* [wip] generate metadata container

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* add generation of metadata container struct for JSON schema generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* fix linting

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

* update linter script to account for code generation

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>

---------

Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
json Regarding JSON output
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants