build: use latest sbom-tool #917
fbe8c64 to b71d61f
Codecov Report
Patch and project coverage have no change.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #917   +/-   ##
=======================================
  Coverage   54.95%   54.95%
=======================================
  Files          81       81
  Lines        4791     4791
=======================================
  Hits         2633     2633
  Misses       1881     1881
  Partials      277      277

View full report in Codecov by Sentry.
@@ -340,7 +339,7 @@ e2e-sbom-setup: | |||
mkdir -p .staging/sbom | |||
|
|||
# Install sbom-tool | |||
curl -Lo .staging/sbom/sbom-tool https://github.com/microsoft/sbom-tool/releases/download/v${SBOM_TOOL_VERSION}/sbom-tool-linux-x64 && chmod +x .staging/sbom/sbom-tool | |||
curl -Lo .staging/sbom/sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64 && chmod +x .staging/sbom/sbom-tool |
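Review bot: The new curl line fetches `releases/latest/download/sbom-tool-linux-x64` and passes it straight to `chmod +x` with no integrity check, so every e2e run executes whatever binary upstream publishes at that moment, and two runs of the same commit can use different tools. If tracking latest is the intended policy, compare the download against a known digest before marking it executable, and record in the job log which release was resolved so a failure can be tied to a specific upstream version. Separately, `curl -Lo` has no `-f`, so an HTTP error body would be saved as `.staging/sbom/sbom-tool` and made executable; `curl -fLo` would make the step fail at the download instead.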
Are we sure we want to pin to latest versus a specific version? We had some experiences in the past where the upstream tool's latest version introduced breaking changes that started causing CI tests to fail.
That's a good point. I feel CI test failure is not a big concern in this case since it's a quick fix, but we should consider if we want to always use the latest version with probably more validation and potential bugs or a specific version that we've verified. We can leave the PR open and discuss in the community.
Had a discussion with during community meeting, we agreed on using latest version as this will then be in sync with the dependabot managed version in src code.
Co-authored-by: Susan Shi <huish@microsoft.com>
Description
What this PR does / why we need it:
Reverting this PR as sbom-tool already fixed the broken release.
Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):
Fixes #
Type of change
Please delete options that are not relevant.
main branch)
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Please also list any relevant details for your test configuration
Checklist:
Post Merge Requirements
Helm Chart Change