Add support for dependency relationships for alpine (apk)#1063
Add support for dependency relationships for alpine (apk)#1063wagoodman merged 12 commits intoanchore:mainfrom
Conversation
|
@tgerla I took this out of draft - if you push your changes I can review |
bbf6747 to
ddfcee1
Compare
|
Hi @spiffcs (and anyone else interested) -- I think this one is ready to go. Can you please review my last commit, "adjust test conditions"? I think I've updated the test correctly, but I am Go noob. |
kzantow
left a comment
There was a problem hiding this comment.
It looks like there are a couple // TODOs that might be important to fill out on this one -- what do you think?
ddfcee1 to
ed5c9c9
Compare
spiffcs
left a comment
There was a problem hiding this comment.
Added a question about schema change procedure as well as separator being used. When we settle on the right separator we might want to add a quick test to be sure the split is behaving correctly.
Also small nit on the strings usage
splits := strings.Split(provides, "=")
if strings.Contains(splits[0], "=") {
// protect against unsuccesful split
}
|
@tgerla it looks like there may be more things that were not originally in scope that need to be considered as part of this PR. It looks like the https://wiki.alpinelinux.org/wiki/Apk_spec page got a really healthy update over the last few months to help interpret an APK index vs installed DB file, which will be really helpful for determining the missing bits. I'd be happy to pair on this. |
kzantow
left a comment
There was a problem hiding this comment.
Just a few non-blocking questions...
Signed-off-by: Dan Luhring <dan+github@luhrings.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Timothy Gerla <tim@gerla.net>
Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
e98f483 to
635afb7
Compare
Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
|
This one should not have been squashed 😄 |
* Fix type of pull deps and add support for provides Signed-off-by: Dan Luhring <dan+github@luhrings.com> * [wip] apk dependency lookup Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update whitespace for linter Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * adjust test conditions Signed-off-by: Timothy Gerla <tim@gerla.net> * fix TODOs and improve Provides parser * run simports after main merge Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> * add tests to cover apk relationship parsing cases Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * generate JSON schema for breaking changes to apk metadata Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * update tests to account for additional dependencies Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * [wip] fix relationship encoding for cyclonedx Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * simplify package relationships that can be expressed Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Dan Luhring <dan+github@luhrings.com> Signed-off-by: Alex Goodman <alex.goodman@anchore.com> Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com> Signed-off-by: Timothy Gerla <tim@gerla.net> Co-authored-by: Alex Goodman <alex.goodman@anchore.com> Co-authored-by: Christopher Phillips <christopher.phillips@anchore.com> Co-authored-by: Timothy Gerla <tim@gerla.net>
Partially addresses #572