chore: Update release candidate #5185
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* chore(ci): switch to small go image Context: p95 duration for this job over the last 90 days is 2m 17s Solution: Switch from 2.3Gb image to generic 513mb image. Fetching the `bastiandoetsch209/cli-build` image can increase the Job time by ~60 seconds if the image is not cached. ``` Warning: No authentication provided, using CircleCI credentials for pulls from Docker Hub. image cache not found on this host, downloading bastiandoetsch209/cli-build:20240214-145818 … bastiandoetsch209/cli-build:20240214-145818: using image bastiandoetsch209/cli-build@sha256:1504fdbb34f02aab15475c3eacf8c0fc82be83059cda435b91327e43a98cb863 pull stats: download 2.279GiB in 23.682s (98.54MiB/s), extract 2.31GiB in 58.549s (40.39MiB/s) ``` Even pipelines run within minutes of each other do not necessarily hit the same image cache. The caching layer at use here is entirely opaque to me, but the observed affects are that the `Spin up environment` step can take either 0 or 60 seconds. Switching to one of the Circle CI provided images which also tend to be smaller could help here. Perhaps the inscrutable image caching is more likely to be optimised for their own images. * chore(ci): removes unused dep to speed up feedback cycle i The test-go job has dependency on the artifacts generated as part of the prepare-build job. Running this asap to reduce time to results.
As of Composer v2.7.2 the tool will emit an error if the version has not been defined on the root composer.json https://github.com/composer/composer/releases/tag/2.7.2
Windows is the slowest test run, a problem made worse by the time consuming build process that runs before it. Perhaps a short term workaround until we have time to optimise the build step is to increase the number of shards.
* fix: validate PR title * chore: introduce linting for GitHub PR titles * chore: update node for danger job * chore: attempt at tracking edits to PRs
* fix: add support for development python versions * test: explicitly state project version (#5108) As of Composer v2.7.2 the tool will emit an error if the version has not been defined on the root composer.json https://github.com/composer/composer/releases/tag/2.7.2 * chore: introduce script to help create release (#5107) --------- Co-authored-by: Luke Watts <luke@snyk.io>
Co-authored-by: Avishagp <noreply@snyk.io>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
- feat: support verbose for maven Support passing -Dverbose to resolve omitted dependencies using maven-dependency-plugin. When verbose is being used execute a specific version of the maven-dependency-plugin. This is becuase on lower version of this plugin outputType=dot is not supported, and it will output a tree. When verbose is on skip pruning and ensure all dependency lines are traversed fully, using breadth first, first in wins for version resolution. - fix: record and use visited dependency information In preparation for supporting -Dverbose the breadth first search needs to retain previously visited dependency information. At the moment we record whether a dependency has been seen (true/false) based on the maven graph node id. This id contains the dependency version. For example 'com.example:my-app:jar:jdk8:1.2.3:compile'. However when maven is determining whether a dependency has already been seen only four properties are used: * groupId * artifactId * type * classifier (optional) These are the properties that uniquely identify a dependency in Maven. Changing visited to be keyed by these four properties instead. In addition we then record the parsed dependency for these visited dependencies so that we can use that information when adding and connecting the dep-graph nodes. The effect is that if a duplicate node is found, the previously visited version is preferred regardless of what the duplicate node is set to. This doesn't really effect the current implementation because maven-dependency-plugin hides duplicates. Another PR will start to support -Dverbose where this becomes important that we select the effective version being resolved by Maven.
* chore: add a simple script to install dev tools * chore: use Brewfile
* chore: create create-release script to create/update release branches * chore: push patch branch in create-release.sh * chore: can dry-run create-release.sh
* chore: allow unknown flags for code test * chore(dep): bump gaf to latest * chore: introduce go entry point for snyk code test * test: switch to validating output against previous run --------- Co-authored-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>
…[CLI-73] (#5093) * fix: Support large json data structures via --json --------- Co-authored-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>
- Updated `snyk sbom` to accept CycloneDX 1.5 - Updated `snyk container sbom` to accept CycloneDX 1.5 Co-authored-by: Paul Rosca <paul.rosca@snyk.io>
Co-authored-by: PeterSchafer <noreply@snyk.io>
* refactor: mark less recommended path as deprecated * chore: introduce test helper to isolate port selection * refactor: switch to using helper to determine port We need to know about the port ahead of time so that we can use it in our configuration. This supports iterating on fixed ports to random ports so we can support running in parallel and ensure no collision between our tests. * chore: apply formatting
* chore(deps): upgrade jest to latest * test: update snapshot
* test: migrate code tests to acceptance * test: succeed testing with correct exit code - with sarif oputput and no markdown * test: track analytics are called added * test: should fail - when server returns error codes * test: Always calls code-client with url coming from sastSettings * chore: address lint issues
Co-authored-by: Avishagp <noreply@snyk.io>
These files are not tracked by git and result in a noticeable lag in prettier whilst they are being processed. See here for an example of the ~4.5second delay caused by prettier. ``` .tap/coverage/01fec6e5-492e-4f01-baa6-69022efbebfc.json 15ms .tap/coverage/05a96cf2-7cea-4e31-8d82-745c88fbd122.json 224ms .tap/coverage/093b21d5-b8a4-4dd1-9815-e669729363b2.json 80ms .tap/coverage/4c57c24d-61e9-41d8-912a-8944b9e3dd85.json 15ms .tap/coverage/51be6d29-8498-42b5-b648-4331a8cc1620.json 2430ms .tap/coverage/77a86007-79d2-403a-9fd0-0099176628eb.json 58ms .tap/coverage/ad188bc4-8e9f-42ed-bdbb-febdf9e2fd70.json 2213ms .tap/coverage/e3b30972-2569-41f3-a2f0-0b516524c56e.json 56ms .tap/coverage/e4e079ea-f384-434c-8a8f-430f6bda7501.json 16ms .tap/coverage/ec4b832d-d31c-40b7-8657-48b874219100.json 18ms .tap/coverage/f47299fe-8a09-46ac-99f8-33209e0bb687.json 5ms .tap/processinfo/01fec6e5-492e-4f01-baa6-69022efbebfc.json 4ms .tap/processinfo/05a96cf2-7cea-4e31-8d82-745c88fbd122.json 5ms .tap/processinfo/093b21d5-b8a4-4dd1-9815-e669729363b2.json 4ms .tap/processinfo/4c57c24d-61e9-41d8-912a-8944b9e3dd85.json 3ms .tap/processinfo/51be6d29-8498-42b5-b648-4331a8cc1620.json 5ms .tap/processinfo/77a86007-79d2-403a-9fd0-0099176628eb.json 4ms .tap/processinfo/ad188bc4-8e9f-42ed-bdbb-febdf9e2fd70.json 5ms .tap/processinfo/e3b30972-2569-41f3-a2f0-0b516524c56e.json 4ms .tap/processinfo/e4e079ea-f384-434c-8a8f-430f6bda7501.json 3ms .tap/processinfo/ec4b832d-d31c-40b7-8657-48b874219100.json 4ms .tap/processinfo/f47299fe-8a09-46ac-99f8-33209e0bb687.json 3ms ```
This safe-guards and enforces that global ignores functionality has the necessary commands available.
* feat: parse workflow data to determine errors * fix: switch to align with finalised schema * chore(deps): bump gaf to latest * test: refactor to support integration test * fix: introduce custom error for storing exit code * chore: adjust wording on json error * test: update to match new error * chore: remove file * chore(deps): update go-application-framework to latest * chore: reorder imports * chore: remove unused code * refactor: switch to structured test data * chore: fix formatting * chore: rename to include global prefix * fix: switch to content_type ref * chore: remove unused file * refactor: switch to exported type * refactor: introduce tests for displayError We want to ensure that nothing is displayed for the new Error being generated from TestSummary payload * test: switch to NewInMemory configuration * fix: display error logic to handle ExitCode errors * fix: broken import * test: remove defunct test --------- Co-authored-by: Peter Schäfer <101886095+PeterSchafer@users.noreply.github.com>
* feat: snyk woof ro language support and tests * chore: use jest table tests instead of forEach
* feat(sbom): Introduce experimental sbom test command --------- Co-authored-by: Tim Pickles <tim.pickles@snyk.io>
Co-authored-by: mcombuechen <noreply@snyk.io>
* chore(ci): enable stable release channels * chore: add release scripts to makefile * chore: add additional instructions to prepare-release * chore: run formatter after generating release notes * chore: remove unused variable * chore: ensure to use the correct version in release notes * chore: use correct version in create-release * chore: use long form of semver --coerce * chore: add comment on version cleanup
cmars
approved these changes
Apr 19, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Release Candidate