Global and non-standard gitignore files are not respected

[wmedlar]

What happened:

I have a global gitignore that ignores .DS_Store files.
When I ran bom against a local git repo, it included .DS_Store in the output.

$ git config --global --get core.excludesFile               
~/.config/git/config

$ git check-ignore --verbose .DS_Store
~/.config/git/ignore:2:.DS_Store      .DS_Store

$ bom generate -d . -n http://example.com/
[...]
Relationship: SPDXRef-Package-my-repo CONTAINS SPDXRef-File-86f7fc8c194db4803d37c5b2feecf09c3ee135fb
FileName: .DS_Store
SPDXID: SPDXRef-File-1f11d692242833beff175ce40424d9f280dd3c8a
FileChecksum: SHA1: 0a9e0aee4f8f8d9bf492bfc64d896d157045fe23
FileChecksum: SHA256: ec746d722904dc246254c17bb76bc7e8579af01ea124f38b06df02200c1d503e
FileChecksum: SHA512: a6f5b29d97fb892fd3ca6189c589f7d1af178d212eebf0294848eb734ec7dbb13d69a09c83419199a0936295f0c7ca936b78898a0b6c9fba1745fd288296aebd
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NONE
FileCopyrightText: NOASSERTION
[...]

I also confirmed this behavior is present for non-standard gitignore files (i.e., not named .gitignore) set locally with (core.excludesFile).

What you expected to happen:

I expected bom to ignore the .DS_Store file, and any others excluded by my global gitignore.

How to reproduce it (as minimally and precisely as possible):

$ git init bom-gitignore-test
Initialized empty Git repository in ~/bom-gitignore-test/.git/

$ cd bom-gitignore-test

$ touch some-file

$ echo some-file > ignores

$ git config --global core.excludesFile ignores # or use --local to only affect this repo

$ git check-ignore --verbose some-file
ignores:1:some-file     some-file

$ bom generate -d . -n http://example.com/
[...]
Relationship: SPDXRef-Package-bom-gitignore-test CONTAINS SPDXRef-File-cbbba3a3cb11930313b724a71f4775324a43ff61
FileName: some-file
SPDXID: SPDXRef-File-45e075645e9d6d3346b37d8e0cd826a0b203f055
FileChecksum: SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
FileChecksum: SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
FileChecksum: SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
LicenseConcluded: NOASSERTION
LicenseInfoInFile: NONE
FileCopyrightText: NOASSERTION
[...]

Anything else we need to know?:

Global gitignore files can exist at several paths without being set in the user's gitconfig, so the output of git config --global --get core.excludesFile is not sufficient alone. Here is an excellent gist with some background.

Environment:

• Cloud provider or hardware configuration: Macbook Air M1
• OS (e.g: cat /etc/os-release): MacOS Monterery
• Kernel (e.g. uname -a): darwin 21.2.0
• Others: n/a

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[sbs2001]

/reopen

[k8s-ci-robot]

@sbs2001: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[wmedlar]

/reopen

[k8s-ci-robot]

@wmedlar: Reopened this issue.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[sbs2001]

One way to solve this issue will be to run git config --global --get core.excludesFile from bom process and import the global nonstandard ignore rules. This will make git a dependency, maybe we could keep the feature under a flag ?

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue or PR with /reopen
• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.