-
Notifications
You must be signed in to change notification settings - Fork 346
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support comparing Alpine versions locally #980
Conversation
acee4d9
to
fc9938b
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #980 +/- ##
==========================================
+ Coverage 64.47% 64.97% +0.49%
==========================================
Files 148 149 +1
Lines 12088 12257 +169
==========================================
+ Hits 7794 7964 +170
+ Misses 3843 3842 -1
Partials 451 451 ☔ View full report in Codecov by Sentry. |
e2e73ba
to
68411e6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks really good! Some minor comments
68411e6
to
4a2fdc5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
…ce in the string is equal to 0
… doesn't seem to matter
99c08d5
to
03a4545
Compare
This introduces support for comparing Alpine versions locally using the same logic as the `apk` package manager, along with a generator for generating fixtures. There is a bit of fuzziness in the behaviour across different versions of `apk` - the `alpine:3.x` docker images all use `apk` v2.x, which is what the fixture generator uses too and at least `apk` v2.14 (which is used by `alpine:3.19`) and v2.10 pass; however the current latest upcoming version of `apk` technically fails on approximately 30 fixtures which I think is because it has fixed https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10088. Beyond that I was able to find a handful of other edge cases where the comparison results between these versions was different, but they all seemed to be primarily around the handling of invalid versions which are not expected to be present in OSV data anyway and they look to be the result of bugfixes meaning we'd need special "anti" handling to support in a way that ensures valid versions are still compared correctly, so I think it's good enough to ship. Resolves google#952
This introduces support for comparing Alpine versions locally using the same logic as the
apk
package manager, along with a generator for generating fixtures.There is a bit of fuzziness in the behaviour across different versions of
apk
- thealpine:3.x
docker images all useapk
v2.x, which is what the fixture generator uses too and at leastapk
v2.14 (which is used byalpine:3.19
) and v2.10 pass; however the current latest upcoming version ofapk
technically fails on approximately 30 fixtures which I think is because it has fixed https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10088.Beyond that I was able to find a handful of other edge cases where the comparison results between these versions was different, but they all seemed to be primarily around the handling of invalid versions which are not expected to be present in OSV data anyway and they look to be the result of bugfixes meaning we'd need special "anti" handling to support in a way that ensures valid versions are still compared correctly, so I think it's good enough to ship.
Resolves #952