Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(ISV-5128): add new Tekton task to update component sboms #656

Merged
merged 1 commit into from
Nov 20, 2024
Merged

feat(ISV-5128): add new Tekton task to update component sboms #656

merged 1 commit into from
Nov 20, 2024

Conversation

wcheang
Copy link
Contributor

@wcheang wcheang commented Oct 31, 2024

No description provided.

@wcheang wcheang requested a review from a team as a code owner October 31, 2024 03:58
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Oct 31, 2024

Hi @wcheang. Thanks for your PR.

I'm waiting for a konflux-ci member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

mmalina
mmalina reviewed Oct 31, 2024
View reviewed changes
Copy link
Contributor

@mmalina mmalina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"wip" is not a valid commit title prefix. This should probably be "feat". If you want to say that it's not ready for review yet, you can change the PR to Draft. (If a PR is created as Draft from the start, the reviewers won't be added until it's changed to Ready - maybe for next time.)

@wcheang wcheang marked this pull request as draft October 31, 2024 13:24
@wcheang wcheang changed the title wip(ISV-5128): add new Tekton task to update component sboms feat(ISV-5128): add new Tekton task to update component sboms Oct 31, 2024
@wcheang
Copy link
Contributor Author

wcheang commented Nov 1, 2024
edited
Loading

@mmalina the CONTRIBUTING.md says Tekton task tests are not required, but the check is failing due to missing tests directory? All the logic is in the Python script and already covered by unit tests, but I can add some Tekton task tests too if it is required.

mmalina added a commit that referenced this pull request Nov 4, 2024
@mmalina
fix: contributing doc to say task tests are required
ca0d2fd 
This recently came up in a PR:
#656

We definitely do require tests for all new tasks. For existing
tasks, we mostly do as well, but there are still three tasks
without tests:

- base64-encode-checksum
- create-internal-request
- prepare-validation

Signed-off-by: Martin Malina <mmalina@redhat.com>
@mmalina mmalina mentioned this pull request Nov 4, 2024
Merged
@mmalina
Copy link
Contributor

mmalina commented Nov 4, 2024

@mmalina the CONTRIBUTING.md says Tekton task tests are not required, but the check is failing due to missing tests directory? All the logic is in the Python script and already covered by unit tests, but I can add some Tekton task tests too if it is required.

The doc is not correct. Fix here: #664

To explain, when we came up with the mechanism to write task tests, none of the tasks had tests, but there would be a tests directory and a sample run.yaml which was a taskrun definition using the task. So the reason for that sentence was that if you changed an existing task, you wouldn't be required to write tests for it.

I understand that in your case the task will not do much besides running the script, but it's still nice have some basic test to ensure there is no error in the task definition or something like that. I would recommend using a mock for the python script and just check that it was called with the parameters it was expected to be called with.

@wcheang wcheang force-pushed the ISV-5128 branch 3 times, most recently from 69b389f to 642b662 Compare November 5, 2024 07:08
mmalina added a commit to mmalina/release-service-catalog that referenced this pull request Nov 5, 2024
@mmalina
fix: contributing doc to say task tests are required
4fe80ca 
This recently came up in a PR:
konflux-ci#656

We definitely do require tests for all new tasks. For existing
tasks, we mostly do as well, but there are still three tasks
without tests:

- base64-encode-checksum
- create-internal-request
- prepare-validation

Signed-off-by: Martin Malina <mmalina@redhat.com>
mmalina added a commit that referenced this pull request Nov 5, 2024
@mmalina
fix: contributing doc to say task tests are required (#664)
3f20a90 
This recently came up in a PR:
#656

We definitely do require tests for all new tasks. For existing
tasks, we mostly do as well, but there are still three tasks
without tests:

- base64-encode-checksum
- create-internal-request
- prepare-validation

Signed-off-by: Martin Malina <mmalina@redhat.com>
@wcheang wcheang force-pushed the ISV-5128 branch 3 times, most recently from 24058f6 to 121ab41 Compare November 5, 2024 22:38
@wcheang
Copy link
Contributor Author

wcheang commented Nov 5, 2024

The symlink appears to be set up with the wrong path in my previous change in the utils repos. PR to fix it here: konflux-ci/release-service-utils#295

@wcheang wcheang force-pushed the ISV-5128 branch 3 times, most recently from 335ea29 to 35ac838 Compare November 6, 2024 19:52
@wcheang
Copy link
Contributor Author

wcheang commented Nov 6, 2024

@mmalina Could you please help me figure out why the Tekton task tests are running into "permission denied" errors on all the scripts (tests/pre-apply-task-hook.sh and /home/sbom/update_component_sbom? I looked everything over on both repos, and couldn't tell what I was missing. The /home/sbom dir is added to the path, and there doesn't seem to be any other permission change needed for the utils scripts.

@mmalina
Copy link
Contributor

mmalina commented Nov 8, 2024

@mmalina Could you please help me figure out why the Tekton task tests are running into "permission denied" errors on all the scripts (tests/pre-apply-task-hook.sh and /home/sbom/update_component_sbom? I looked everything over on both repos, and couldn't tell what I was missing. The /home/sbom dir is added to the path, and there doesn't seem to be any other permission change needed for the utils scripts.

The script doesn't have execute permissions:

$ ls -l sbom
total 72
lrwxr-xr-x@ 1 mmalina  staff    22  4 Oct 12:33 create_product_sbom -> create_product_sbom.py
-rwxr-xr-x@ 1 mmalina  staff  4862  8 Nov 13:12 create_product_sbom.py
-rw-r--r--@ 1 mmalina  staff  9927  8 Nov 13:12 test_create_product_sbom.py
-rw-r--r--@ 1 mmalina  staff  7457  4 Nov 09:15 test_update_component_sbom.py
lrwxr-xr-x@ 1 mmalina  staff    24  8 Nov 13:12 update_component_sbom -> update_component_sbom.py
-rw-r--r--@ 1 mmalina  staff  4466  4 Nov 09:15 update_component_sbom.py

That's something that's typically not shown in Github UI. It has the permissions it had when it was added. You can chmod 755 sbom/update_component_sbom.py and commit that change.

@wcheang wcheang force-pushed the ISV-5128 branch 3 times, most recently from b1af50d to 64dfefe Compare November 18, 2024 15:24
mmalina
mmalina previously approved these changes Nov 19, 2024
View reviewed changes
@openshift-ci openshift-ci bot added the lgtm label Nov 19, 2024
@openshift-ci openshift-ci bot removed the lgtm label Nov 19, 2024
johnbieren
johnbieren reviewed Nov 19, 2024
View reviewed changes
Copy link
Collaborator

@johnbieren johnbieren left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two small nit picks left then I am good to approve

tasks/push-rpm-data-to-pyxis/push-rpm-data-to-pyxis.yaml Outdated Show resolved Hide resolved
tasks/push-rpm-data-to-pyxis/README.md Outdated Show resolved Hide resolved
@openshift-ci openshift-ci bot added the lgtm label Nov 19, 2024
@johnbieren
Copy link
Collaborator

/ok-to-test

@johnbieren
Copy link
Collaborator

@wcheang can you squash this down to one commit and sign the commit?

@openshift-ci openshift-ci bot removed the lgtm label Nov 19, 2024
@wcheang
feat(ISV-5128): add new Tekton task to update component sboms
0d30645 
Signed-off-by: Wai Cheang <wcheang@redhat.com>
@wcheang wcheang requested a review from johnbieren November 20, 2024 13:50
@johnbieren
Copy link
Collaborator

/ok-to-test

@johnbieren
Copy link
Collaborator

@wcheang would you like this merged as soon as it passes e2e? I can turn on auto merge if so. If another PR is merged before this one passes though it will still have to be rebased

@wcheang
Copy link
Contributor Author

wcheang commented Nov 20, 2024

@wcheang would you like this merged as soon as it passes e2e? I can turn on auto merge if so. If another PR is merged before this one passes though it will still have to be rebased

Yes please turn on auto-merge

@openshift-ci openshift-ci bot added the lgtm label Nov 20, 2024
@johnbieren johnbieren enabled auto-merge (squash) November 20, 2024 14:22
@johnbieren johnbieren merged commit 65edf28 into konflux-ci:development Nov 20, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mmalina mmalina mmalina approved these changes

@johnbieren johnbieren Awaiting requested review from johnbieren

Assignees

@mmalina mmalina

@johnbieren johnbieren

Labels
lgtm ok-to-test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@wcheang @mmalina @johnbieren @openshift-merge-robot