-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
contrib: Add dynamic HTML viewer #905
Conversation
@dcantrell , @bookwar: This is a 2-hour PoC as per our recent discussion -- i.e. styling, functionality etc. is all wide open. But at this point I'm not entirely sure where we want to go with this. It feels to me that an rpmdiff job in Fedora/RHEL/etc. should spit out that json file and additionally copy viewer.html (possibly as index.html) next to it, so that it appears as an artifact that is browsable by humans. Then it can co-evolve with the data format in rpminspect, and be tested/developed independently of TF/dashboard. |
I think this is a great start. Thanks!
I think this is exactly what we want to do. I.e. we don't want rpminspect itself to create the HTML report. Big +1 from me 😉 |
This is really nice, thank you. The actual tool generating the end results was a problem I had with rpmdiff. The core program in rpmdiff actually spat out XML that could only be interpreted by the rpmdiff web frontend. I wanted to split the inspection tool from the results viewing as much as possible, which is why I did the different output formats in rpminspect. But that was never meant to have rpminspect outputting HTML directly. This is a nice addition and I could see putting it in the rpminspect package and we could instruct layered products on how to use it to view results in their own pipelines. |
Only nitpick feedback I have is I see RPMInspect in the screenshots at the top/header, and I know that won't fly ;) It should be all lowercase: rpminspect |
@jimbair: Oh, sure! I took that from rpminspect-report, but trivial to change of course. Done. |
Talked to @msrb. Notes for myself:
|
Inspections are divided in to two categories: those that apply to a single build and those that apply to both a single build or comparison. File size change reporting only makes sense when comparing builds, for instance. In the case of the license inspection, it only looks at the after build because it is an inspection that is for a single build. It does not report license changes from the before package to the after package, only whether or not the after package is correct. You can see the categorization in lib/inspect.c in the inspections array.
But be careful with that. Old rpmdiff reporting was not the best. The biggest request from users now is to be able to see the grid view that rpmdiff presented. If each inspection was in a grid and then color code the cell based on whether or not it passes or doesn't. With the result codes in rpminspect results, the color coding could be more fine-grained. Like OK could be green, VERIFY could be yellow, BAD could be red. INFO could be lunar. Just as an example.
rpminspect carries three types of information in addition to the result and waiver flag (the waiver flag is either "not waivable", "waivable by anyone", or "waiver requires security team response"...these are lifted from rpmdiff and are entirely up to the front end to implement in the web display. The reporting on the rpminspect side is just providing information for further manipulation by a web viewer. The three pieces of information in a result are the message (what did rpminspect find), details (this sometimes includes a command that was run, unified diff output, and so on...but it could also be empty), and a remedy (the remedy was not in rpmdiff and was something I wanted rpminspect to do similar to setroubleshoot for SELinux). |
Thanks @dcantrell for the details! This helps indeed. @msrb , I'll add such a table to the viewer and keep the current list, so that we have several views to play around with. Note that I'm working on TF today, but I'll look at this this week. |
@msrb , @dcantrell : I implemented such a "summary" table with clickable inspections, which are then shown below. That summary requires some non-trivial computation, as the JSON does not have an overall result per inspection (but not too bad). The table adjusts to the available screen width (please try it). The presentation of the details is exactly the same as in the previous list view. Of course, if we want to go with that approach, it can become less dense, and more vertically oriented. For now, this is mostly a design study which overall approach we want to use. Do you see a need to support both? (with a switch like "show details of all inspections") Screenshots in description are up to date. |
Note to self: I created a fake-rpms.py which produces pairs of RPMs for various scenarios (empty, bad license, growing file). With that, I get comparison checks such as "filesize": [
{
"result": "INFO",
"waiver authorization": "Not Waivable",
"message": "\/file.txt grew by 909000% on noarch"
},
{
"result": "OK",
"waiver authorization": "Not Waivable"
}
] |
I dropped the long "list" view, and only kept the lego brick table and the details view for a particular test. I think this is overall more useful, and it matches what @msrb asked for above. The details view is still mostly unstyled, I'd really appreciate some suggestions how it should look like? This is mostly visual design, and I'm not great at it 🙈 I added "remedy" as well. I also ran it against a comparison of a synthetic rpm pair (see the script above)
http://localhost:8000/viewer.html?url=./filechange.json# or the "rpmdeps" test: @dcantrell , @msrb , WDYT? |
@martinpitt thanks! I had a chance to show the viewer to a couple of people yesterday and the overall feedback was very positive :) Few suggestions:
cc also @dcantrell What do you guys think? |
@msrb : Fine for me to not filter the top table, that's up to you and the users; even the full set with OK is manageable (see the very last screenshot). Then the filter checkboxes should move out of the header and below the table, as they would then only affect the individual test results. And I propose to only show it if there is more than one result type (i.e. they are not all INFO or all OK and such). I'm happy to take the same colors as the rpmdiff results. I suppose the mapping would be like this: passed → OK, Info → INFO, needs inspection → VERIFY, failed → BAD. I'll see how DIAG fits in. "SKIPPED" is something that would need to happen in the JSON output itself, the viewer should not make assumptions about which tests exist. |
@msrb, @dcantrell : Reworked according to the above. At this point I am not sure if the filtering even still makes sense, it's a bit corner-case-ish. The only really long one is "rpmdeps" , which has tons of "INFO" and a single "OK", so filtering wouldn't give you much. And for such small cases it seems overkill: It was fun to implement, but the filtering needs quite a lot of logic. |
@dcantrell : While we sort out the remaining UI issues, do you have some structural advice/preferences? In the more recent iterations I split out .js and .css from the viewer.html file -- mostly because vim tends to get confused when you do large jumps through the code, and it can't tell any more whether it's in a HTML, CSS, or JS section. But if you prefer, I'm happy to merge this back into a single file. Any reference other than README? (I suppose I'll need to add this to some Makefile.am so that it gets disted) |
@martinpitt I'd vote for having it merged back into a single file. That would make it (slightly) easier to copy around in CI :) But even if it stays the way it is now, it's not a big deal. |
Ack -- I merged the files back together, and squashed the fixups. I have no other TODOs from my side, please keep them coming. 😁 Ready for review, anyway. BTW, the original zuul report from the description is gone. I used a current bodhi one now: This log path is not discoverable at all. I made a TODO item (for the TF, probably gluetools-modules?) to add this results.json as a proper log link, so that it will appear no the TF results page. This will also be the place to link to viewer.html in the future. |
@dcantrell How do you like the current version? LGTM? :) It's a +1 from me. |
How can I look at this locally? None of these links work (obviously the localhost one won't). Or, better, can someone else set this up at an actual URL that I can go to and see what this thing is doing? I can't comment until I can see what the current iteration looks like. I have comments around the colors I see in these screenshots as well as some of the text, but I'd like to look at the whole thing to get a better idea. |
OK, I figured out how to use it locally. Some comments:
Today I am working on the SKIP support to show skipped/disabled inspections as skipped rather than just not having them reported. Having those reported in the grid as a grey cell with black text would be nice. I should have that work done today. Other than the above comments, I really like this viewer. It's very similar to what users saw with rpmdiff but it's modern and compatible with rpminspect. rpminspect itself has inspection descriptions if you list inspections (-l) in verbose mode (-v). The rpmdiff web viewer showed test descriptions and I'm not sure that would be helpful here. It's probably sufficient to just link to the rpminspect documentation. |
Oh, also strike the "contrib: " from the commit summary lines. I have a set of prefixes I prefer to use for git commit messages in doc/git.md. This is used to generate release information about changes. For this PR, I recommend using the "[cmd]" prefix because this is adding an HTML viewer for the rpminspect command's results output. |
Thanks @dcantrell I did have a stronger color schema before, you can still see it here in an older screenshot. I was asked to take the colors from rpmdiff as they appeared too strong. Thanks for the datylon link! I'll read that. Adding non-color hints like bold and grid lines also sounds good. I'll work on your suggestions next week, I'm on PTO for the rest of this week. |
.. Err, I wanted to ask -- were the older colors better for you? But anyway, you already gave color recommendations, so I'll use these. |
@martinpitt Yes, the older colors you had were better for me. Finding the right balance is tricky because colorblindness is not a single thing. Ask any 5 colorblind people to label colors and you'll get 5 different responses. For me, very faint or light colors are the worst. There's not enough there for me to distinguish it. I find that having alternative distinguishing features like bold or italics or all capital letters gives a secondary way to read the information while still preserving color indicators for other people. Hope PTO was good. I am at the All Things Open conference next week, but will probably occasionally check email. |
I installed the Let's get color blind Firefox extension, and indeed the colors are bad for all three types of color blindness. I did your items about bold text, grid lines, colors, and did some other minor cleanups. At least to me, contrast appears much better now: I'll add back the diagnostics as a separate thing next (and update the description screenshots), this is mostly just to capture the new color schema. |
I pulled out the diagnostics from the table into an expander at the top. Screenshots in description are fully up to date. PTAL? |
This is similar in spirit to rpminspect-report, but much more lightweight. It does not require any build steps, and can just be copied as-is to any web server.
This looks much better now. Really cleaned up and sharp. Thank you for the updates. I've looked through everything and have no other comments. I'm ready to merge. |
Nice, thanks @dcantrell for the review! I had expected some more lose ends here, like adding this to dist tarballs in meson.build or so -- but I just see this doesn't happen for the other bits in contrib/ either. We can just copy it out of git in our infrastructure, like TF does for its generic results viewer as well. |
This is similar in spirit to rpminspect-report, but much more
lightweight. It does not require any build steps, and can just be copied
as-is to any web server.
Case: Real-world bodhi result
This bodhi result looks like this:
http://localhost:8000/viewer.html?url=https://artifacts.dev.testing-farm.io/1b160c72-a94c-4ea0-a187-0afb0a24950a/work-rpminspectD7I35E/rpminspect/tree/results.json#
The permissions inspection has more than one result type, and you can filter:
Expanding diagnostics:
Case: Failing and small result (synthetic)
To get some "interesting" results, I ram rpmdiff on a known-bad dummy RPM:
rpminspect -F json -c /usr/share/rpminspect/fedora.yaml -r "Fedora 37" ~/upstream/cockpit-ostree/test/files/chrony-0.1-2.noarch.rpm > contrib/chrony.json
then edited the rpmdeps result to VERIFY (to cover that as well). Then http://localhost:8000/viewer.html?url=./chrony.json looks like this: