Skip to content

Add workflow for automatic PR for new stereoscope updates#954

Merged
kzantow merged 1 commit intomainfrom
auto-pr-for-stereoscope-updates
Apr 13, 2022
Merged

Add workflow for automatic PR for new stereoscope updates#954
kzantow merged 1 commit intomainfrom
auto-pr-for-stereoscope-updates

Conversation

@kzantow
Copy link
Contributor

@kzantow kzantow commented Apr 13, 2022

This PR adds a nightly check for updates to stereoscope and automatically creates a PR if there has been something merged to main that has not been updated in Syft.

@kzantow
Add workflow for automatic PR for new stereoscope updates
a179825 
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@kzantow kzantow self-assigned this Apr 13, 2022
@github-actions
Copy link

github-actions bot commented Apr 13, 2022

Benchmark Test Results

Benchmark results from the latest changes vs base branch 
name                                                       old time/op    new time/op    delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2              1.20ms ± 4%    1.18ms ± 5%    ~     (p=0.421 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2            2.99ms ± 1%    3.06ms ± 5%    ~     (p=0.063 n=4+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2    1.00ms ± 3%    0.95ms ± 1%  -4.99%  (p=0.008 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         681µs ± 2%     641µs ± 1%  -5.81%  (p=0.016 n=4+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     811µs ± 1%     751µs ± 1%  -7.40%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                      727µs ± 2%     689µs ± 3%  -5.26%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      14.2ms ± 3%    14.1ms ± 2%    ~     (p=1.000 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.31ms ± 2%    1.23ms ± 4%  -6.18%  (p=0.008 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          2.23µs ± 2%    2.14µs ± 2%  -3.88%  (p=0.008 n=5+5)

name                                                       old alloc/op   new alloc/op   delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2               184kB ± 0%     184kB ± 0%    ~     (p=0.841 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             896kB ± 0%     896kB ± 0%    ~     (p=0.690 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     196kB ± 0%     196kB ± 0%  +0.11%  (p=0.048 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         140kB ± 0%     140kB ± 0%    ~     (p=0.056 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     175kB ± 0%     175kB ± 0%  +0.18%  (p=0.016 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                      163kB ± 0%     163kB ± 0%    ~     (p=1.000 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      3.29MB ± 0%    3.29MB ± 0%    ~     (p=1.000 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.24MB ± 0%    1.24MB ± 0%    ~     (p=0.548 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            672B ± 0%      672B ± 0%    ~     (all equal)

name                                                       old allocs/op  new allocs/op  delta
ImagePackageCatalogers/ruby-gemspec-cataloger-2               3.66k ± 0%     3.66k ± 0%    ~     (all equal)
ImagePackageCatalogers/python-package-cataloger-2             14.8k ± 0%     14.8k ± 0%    ~     (p=0.683 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     4.94k ± 0%     4.94k ± 0%    ~     (p=0.238 n=4+5)
ImagePackageCatalogers/javascript-package-cataloger-2         2.72k ± 0%     2.72k ± 0%    ~     (all equal)
ImagePackageCatalogers/dpkgdb-cataloger-2                     3.93k ± 0%     3.93k ± 0%    ~     (all equal)
ImagePackageCatalogers/rpmdb-cataloger-2                      4.01k ± 0%     4.01k ± 0%    ~     (all equal)
ImagePackageCatalogers/java-cataloger-2                       52.2k ± 0%     52.2k ± 0%    ~     (p=0.667 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                      4.81k ± 0%     4.81k ± 0%    ~     (p=1.000 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            15.0 ± 0%      15.0 ± 0%    ~     (all equal)

@kzantow kzantow requested a review from a team April 13, 2022 12:50
spiffcs
spiffcs previously approved these changes Apr 13, 2022
View reviewed changes
Copy link
Contributor

@spiffcs spiffcs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice addition! Just one comment on possibly acting only if the versions have changed.

.github/workflows/update-stereoscope-release.yml
stable: ${{ env.GO_STABLE_VERSION }}

- run: |
LATEST_VERSION=$(git ls-remote https://github.com/anchore/stereoscope main | head -n1 | awk '{print $1;}')
Copy link
Contributor

@spiffcs spiffcs Apr 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we get the current version that syft is using from the go.mod file?

If we find that this version is the same as LATEST_VERSION are we then able to short circuit the PR?

My thinking here is that if we can make it only every night where the versions change we have a chance to reduce the PR noise that could get introduced to our notifications feed.

Copy link
Contributor Author

@kzantow kzantow Apr 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As noted in the Grype PR, the auto-PR won't be created if there are no changes 👍

@spiffcs spiffcs self-requested a review April 13, 2022 16:49
@spiffcs spiffcs dismissed their stale review April 13, 2022 16:50

accident

@kzantow kzantow merged commit 25bf679 into main Apr 13, 2022
@kzantow kzantow deleted the auto-pr-for-stereoscope-updates branch April 13, 2022 17:20
spiffcs added a commit that referenced this pull request May 2, 2022
@spiffcs
Merge branch 'main' into 835-keyless-attestation-upgrade
cb25858 
* main: (31 commits)
  reduce noise of log output (#976)
  add version info and remove double config call (#977)
  Rename syft-id to package-id (#970)
  update to cyclonedx-go 0.5.2 (#971)
  refactor command package to remove globals and add dependency injection
  fix: #953 Derive language from pURL - https://github.com/anchore/syft… (#957)
  Fix typo in CPE-parsing error (#966)
  Preserve syft IDs on SBOM decode (#963)
  Update GitHub format package_url and correlator (#961)
  Ensure SPDXIDs are valid (#955)
  Auto-PR needs to run go mod tidy (#958)
  Add workflow for automatic PR for new stereoscope updates (#954)
  Minor readme update to correct format information (#948)
  Update spdx22json to only take uppercase checksum algorithm (#946)
  add additional vendors for springframework (#945)
  Add digest property to parent and nested java package metadata (#941)
  Update write permissions and log into ghcr.io for release (#942)
  Retry auth URL lookup without docker credentialhelper workaround (#939)
  Ensure that all cyclonedx components have bom-refs (#914)
  Additionally publish docker images to GHCR (#934)
  ...

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
rigzba21 pushed a commit to rigzba21/syft that referenced this pull request May 5, 2022
@kzantow @rigzba21
Add workflow for automatic PR for new stereoscope updates (anchore#954)
bf0c4c0 
Signed-off-by: rigzba21 <jonathan.velando01@gmail.com>
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@kzantow
Add workflow for automatic PR for new stereoscope updates (anchore#954)
f4d2e81
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@spiffcs spiffcs spiffcs approved these changes

Assignees

@kzantow kzantow

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kzantow @spiffcs