fix: do not pull the latest when analyzing a target with local repo path #125
Conversation
oracle-contributor-agreement
bot
added
the
OCA Verified
tromai
changed the title
|
… path Signed-off-by: Trong Nhan Mai <trong.nhan.mai@oracle.com>
Signed-off-by: Trong Nhan Mai <trong.nhan.mai@oracle.com>
Signed-off-by: Trong Nhan Mai <trong.nhan.mai@oracle.com>
Signed-off-by: Trong Nhan Mai <trong.nhan.mai@oracle.com>
tromai
force-pushed
the
117-macaron-pull-the-latest-when-analyzing-a-local-cloned-repository
branch
from
ade50b6 to
f04ed59
Compare
|
This rebase is for adding the Signoff messages to the new commits in this branch. |
| @@ -321,6 +321,54 @@ then | |||
| log_fail | |||
| fi | |||
|
|
|||
| echo -e "\n----------------------------------------------------------------------------------" | |||
| echo "apache/maven: test not doing a git pull when analyzing a local cloned repo." | |||
There was a problem hiding this comment.
| echo "apache/maven: test not doing a git pull when analyzing a local cloned repo." | |
| echo "apache/maven: test not pulling from remote for a locally cloned repo." |
src/macaron/slsa_analyzer/git_url.py
Outdated
| if not offline_mode: | ||
| if not digest or (digest and not commit_exists(git_obj, digest)): |
There was a problem hiding this comment.
| if not offline_mode: | |
| if not digest or (digest and not commit_exists(git_obj, digest)): | |
| if not offline_mode and (not digest or not commit_exists(git_obj, digest): |
src/macaron/slsa_analyzer/git_url.py
Outdated
| @@ -77,6 +76,9 @@ def check_out_repo_target(git_obj: Git, branch_name: str = "", digest: str = "") | |||
| This method supports repositories which are cloned (full or shallow) from existing remote repositories. | |||
| Other scenarios are not covered (e.g. a newly initiated repository). | |||
|
|
|||
| If ``offline_mode`` is True. This method will not perform any pulling before checking out the branch | |||
There was a problem hiding this comment.
| If ``offline_mode`` is True. This method will not perform any pulling before checking out the branch | |
| If ``offline_mode`` is set, this method will not pull from remote while checking out the branch or commit. |
src/macaron/slsa_analyzer/git_url.py
Outdated
| @@ -177,7 +176,12 @@ def check_out_repo_target(git_obj: Git, branch_name: str = "", digest: str = "") | |||
| logger.info("Cannot find commit %s on branch %s. Please check the configuration.", digest, res_branch) | |||
| return False | |||
|
|
|||
| logger.info("Successfully checked out commit %s.", head_commit) | |||
| head_commit: Commit = git_obj.repo.head.commit | |||
| if not head_commit: | |||
There was a problem hiding this comment.
Shouldn't this check be done before comparing git_obj.repo.head.commit.hexsha with digest at line 159?
There was a problem hiding this comment.
That is true. Within the if digest branch, we are not going to pull any new changes so it's okay for us to run this check before it.
There was a problem hiding this comment.
Hmmm, after having a closer look. The reason I put this part here in the first place is that there are cases where Macaron checkouts the specific hash which update the head commit (line 162). This is why we only perform it after all checking out commit hash operations to make sure that the we could still extract the head commit for the analysis. But I think we still need that check before line 159 anyway
There was a problem hiding this comment.
But still we need to check if git_obj.repo.head.commit is not None here. Otherwise it might throw an exception.
There was a problem hiding this comment.
If current_head is None here, should we return False early or should we proceed to try to check out the specific commit by the user 🤔 . The Exceptions for checking if digest exists or whether we can checkout digest (after here) should be caught and return False.
Add checks for the final HEAD commit after checking out the repository for edge cases. Signed-off-by: Trong Nhan Mai <trong.nhan.mai@oracle.com>
src/macaron/slsa_analyzer/git_url.py
Outdated
| # We only pull the latest changes if we are not running in offline mode and: | ||
| # - no digest is provided. | ||
| # - or a commit digest is provided but it does not exist in the current local branch. | ||
| if not offline_mode and (not digest or (digest or not commit_exists(git_obj, digest))): |
There was a problem hiding this comment.
Why do you check digest again? We get to the second expression in the or statement only when not digest is False.
There was a problem hiding this comment.
I agree. It could be removed as you mentioned.
if not offline_mode and (not digest or not commit_exists(git_obj, digest)):
Signed-off-by: Trong Nhan Mai <trong.nhan.mai@oracle.com>
| @@ -157,7 +154,10 @@ def check_out_repo_target(git_obj: Git, branch_name: str = "", digest: str = "") | |||
| return False | |||
|
|
|||
| if digest: | |||
| if head_commit.hexsha == digest: | |||
| current_head: Commit = git_obj.repo.head.commit | |||
There was a problem hiding this comment.
If current_head is None here, should we return False early or should we proceed to try to check out the specific commit by the user thinking . The Exceptions for checking if digest exists or whether we can checkout digest (after here) should be caught and return False.
What I meant is that in this line, there might be the case where current_head is None (there might be some errors with extracting the head commit). Should we exit on error early here, or we ignore it to at least try to check out the specific digest down below (where any exception would be caught):
if commit_exists(git_obj, digest):
# The digest was found in the history of the branch.
try:
git_obj.checkout(digest)
except GitCommandError as error:
logger.error(
"Commit %s cannot be checked out. Error: %s",
digest,
error,
)
return False
else:
logger.info("Cannot find commit %s on branch %s. Please check the configuration.", digest, res_branch)
return FalseThere was a problem hiding this comment.
It should be safe to try again to check out the digest if it exists, because commit_exists should return gracefully if commit doesn't exist.
tromai
deleted the
117-macaron-pull-the-latest-when-analyzing-a-local-cloned-repository
branch
…ath (#125) Signed-off-by: Trong Nhan Mai <trong.nhan.mai@oracle.com>
Closes #117 .