Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Package curation provider plugins #6308

Merged
merged 10 commits into from Jan 11, 2023
Merged

Package curation provider plugins #6308

merged 10 commits into from Jan 11, 2023

Conversation

mnonnenmacher
Copy link
Member

@mnonnenmacher mnonnenmacher commented Jan 6, 2023
edited

Make package curation providers configurable plugins. Please see the commit messages for details.

Breaking change:
This PR adds a new section packageCurationProviders to the config.yml which is used to configure the package curation providers. The configuration of the Sw360PackageCurationProvider moved from AnalyzerConfiguration to this new section. The command line options of AnalzyerCommand to enable curation providers have been removed, instead this now needs to be configured in config.yml. See the changes to reference.yml in this PR for possible configuration options, this includes also an example for how to enable/disable a specific provider using an environment variable.

@mnonnenmacher mnonnenmacher force-pushed the package-curation-provider-plugins branch 2 times, most recently from 0d7f05f to 5155072 Compare January 6, 2023 16:43
sschuberth
sschuberth requested changes Jan 6, 2023
View reviewed changes
analyzer/src/main/kotlin/PackageCurationProvider.kt Show resolved Hide resolved
analyzer/src/main/kotlin/PackageCurationProvider.kt
*/
interface PackageCurationProviderFactory<CONFIG> : ConfigurablePluginFactory<PackageCurationProvider> {
companion object {
val ALL = NamedPlugin.getAll<PackageCurationProviderFactory<*>>()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note to myself: I was actually surprised that this (is supposed to) work(s) here as generic types get erased at compile time. But after reading through the excellent https://typealias.com/guides/star-projections-and-how-they-work/ I see how this could work.

analyzer/src/main/kotlin/curation/FilePackageCurationProvider.kt Outdated Show resolved Hide resolved
analyzer/src/main/kotlin/curation/Sw360PackageCurationProvider.kt Outdated Show resolved Hide resolved
analyzer/src/main/kotlin/PackageCurationProvider.kt Outdated Show resolved Hide resolved
@mnonnenmacher mnonnenmacher force-pushed the package-curation-provider-plugins branch 3 times, most recently from a099b06 to faccfa6 Compare January 10, 2023 10:41
@mnonnenmacher mnonnenmacher added breaking change Pull requests that break compatibility with previous behavior release notes Changes that should be mentioned in release notes labels Jan 10, 2023
@mnonnenmacher mnonnenmacher marked this pull request as ready for review January 10, 2023 10:47
@mnonnenmacher
Copy link
Member Author

mnonnenmacher commented Jan 10, 2023
edited

@oss-review-toolkit/core-devs I decided to move the files to the new plugins folder which we discussed yesterday in a separate PR as I added some commits to clean up reference.yml and OrtConfigurationTest and didn't want to make this PR too big.

@sschuberth
Copy link
Member

FYI @mnonnenmacher, OrtMainFunTest still seems to fail.

@mnonnenmacher mnonnenmacher force-pushed the package-curation-provider-plugins branch from faccfa6 to 55d7695 Compare January 10, 2023 11:26
@mnonnenmacher
Copy link
Member Author

FYI @mnonnenmacher, OrtMainFunTest still seems to fail.

Should be fixed now.

@mnonnenmacher mnonnenmacher force-pushed the package-curation-provider-plugins branch from 55d7695 to 9cb0765 Compare January 10, 2023 11:31
sschuberth
sschuberth requested changes Jan 10, 2023
View reviewed changes
analyzer/src/main/kotlin/PackageCurationProvider.kt Show resolved Hide resolved
analyzer/src/main/kotlin/PackageCurationProvider.kt Outdated
fun create(configurations: List<PackageCurationProviderConfiguration>) =
// Reverse the list so that curations from providers with higher priority are applied later and can
// overwrite curations from providers with lower priority.
configurations.filter { it.enabled }.map { ALL.getValue(it.name).create(it.config) }.reversed()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use .asReversed() to avoid creating a copy.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm actually unsure about this. Personally, I would expect curation providers to be queried / curations be applied in the order I define them in the configuration, and not for the order to express a priority.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found it unintuitive for the user that higher priority providers would come later in the list, because a user will likely not know technical details about how curations are applied. For example, if ClearlyDefined is put before SW360 it seemed clearer to me that in case of a conflict ClearlyDefined wins.

and not for the order to express a priority

It does either way.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have other places in the config where order expresses priority that we could align with?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think so.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I don't have a strong opinion here, it just confused me. Should we ask for other opinions from @oss-review-toolkit/kotlin-devs?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use .asReversed() to avoid creating a copy.

I believe this is the only open remark, otherwise I'd simply approve now.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

cli/src/funTest/kotlin/OrtMainFunTest.kt Outdated Show resolved Hide resolved
cli/src/funTest/kotlin/OrtMainFunTest.kt Show resolved Hide resolved
model/src/test/kotlin/config/OrtConfigurationTest.kt Show resolved Hide resolved
@mnonnenmacher mnonnenmacher force-pushed the package-curation-provider-plugins branch from 9cb0765 to cdbe68f Compare January 10, 2023 14:35
zhernovs
zhernovs reviewed Jan 10, 2023
View reviewed changes
model/src/main/resources/reference.yml
- name: File
config:
path: '/some-path/curations.yml'
- name: File
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be "Dir" or "Directory"?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is currently only the FilePackageCurationProvider which handles both files and dirs. I would like to split this later on, but not in this PR.

@mnonnenmacher
FilePackageCurationProvider: Verify the curation directory
eddd815 
Verify that the curation directory is a directory before trying to find
curation files in it.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
@mnonnenmacher
PluginManager: Add a ConfigurablePluginFactory
83229cb 
Add the new interface `ConfigurablePluginFactory` which can be
implemented by plugins that need to be configured on creation.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
@mnonnenmacher
analyzer: Add a PackageCurationProviderFactory
0d10fb8 
Add a `PackageCurationProviderFactory` plugin extension point.

Fixes #6056.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
@mnonnenmacher
OrtConfiguration: Add a missing space
4937f49 
Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
@mnonnenmacher
model: Add a configuration model for package curation providers
d38b483 
Add the model required to configure package curation providers in the
ORT configuration. It will be taken into use in the following commits.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
@mnonnenmacher
AnalyzerCommand: Create package curation providers from config file
d6c5767 
Use the `PackageCurationProviderFactory` to create the package curation
providers that are configured in the config file and remove the now
unused command line options to enable package curation providers.

The only exception is currently the provider that reads package
curations from the repository configuration, this will be handled in a
later commit.

Remove the test from `OrtMainFunTest` that tests the removed
`--package-curations-file` option and instead apply curations in the
"Analyzer creates correct output" test.

Fixes #6055.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
@mnonnenmacher
reference.yml: Align order with OrtConfiguration class
aac6f5b 
Align the order of top-level configuration options with the order of
properties in `OrtConfiguration`.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
@mnonnenmacher
OrtConfigurationTest: Align order of verification with reference.yml
588c696 
Verify properties in the same order as they are defined in
reference.yml.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
@mnonnenmacher
OrtConfigurationTest: Add missing verifications for reference.yml
fd95d54 
Add verification for properties from `reference.yml` that were not
verified before.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
@mnonnenmacher
AnalyzerConfiguration: Remove unused SW360 configuration
6538a3b 
The configuration was used to configure the
`Sw360PackageCurationProvider` which is now configured in a separate
section of the configuration file.

Signed-off-by: Martin Nonnenmacher <martin.nonnenmacher@bosch.io>
@mnonnenmacher mnonnenmacher force-pushed the package-curation-provider-plugins branch from cdbe68f to 6538a3b Compare January 11, 2023 06:59
@mnonnenmacher mnonnenmacher merged commit 498a298 into main Jan 11, 2023
@mnonnenmacher mnonnenmacher deleted the package-curation-provider-plugins branch January 11, 2023 08:17
@zhernovs
Copy link
Contributor

Just curious, if --package-curations-dir and --package-curations-file options were deprecated for AnalyzerCommand, shouldn't it be also deprecated for EvaluatorCommand?

@sschuberth
Copy link
Member

Just curious, if --package-curations-dir and --package-curations-file options were deprecated for AnalyzerCommand, shouldn't it be also deprecated for EvaluatorCommand?

In the AnalyzerCommand these options were not deprecated, but removed, because there's now a new way to configure them. In the EvaluatorCommand, however, these options are used to override the configured curations, so these options should be kept.

@mnonnenmacher
Copy link
Member Author

On the long term the EvaluatorCommand options should also be removed because it's inconsistent that not all curation providers are supported. Instead, a separate command to replace existing curations would be a better option, also see #6188.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zhernovs zhernovs zhernovs left review comments

@sschuberth sschuberth sschuberth approved these changes

@oheger-bosch oheger-bosch Awaiting requested review from oheger-bosch oheger-bosch is a code owner

Assignees
No one assigned
Labels
breaking change Pull requests that break compatibility with previous behavior release notes Changes that should be mentioned in release notes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mnonnenmacher @sschuberth @zhernovs