feat: Support for all input formats when running jake ddt or jake iq #125
Conversation
closes #104 BREAKING CHANGE: changed iq -i switch to -a, removed sbom -t switch (only -it works)
|
Thanks for the contribution! Unfortunately we can't verify if the committer(s), Andrea Ghensi aghensi@systra.com, signed the CLA because they have not associated their commits with their GitHub user. Please follow these instructions to associate your commits with your GitHub user. Then sign the Sonatype Contributor License Agreement and this Pull Request will be revalidated. |
|
I'm having trouble verifying my new corporate email address (the email filter is too strong, I suppose), I opened a ticket with my IT support to try to solve it. In the meantime, I saw that the static_code_analysis-310-locked fails on circleci but runs fine on my machine... |
|
Email verified, still don't know how to solve the circleci error! please advise |
|
Is there anyone out there? 😉 |
There was a problem hiding this comment.
Still reviewing why my local CI build fails with vulnerabilities (maybe this is why the CI failed on the PR). Some questions regarding arg changes in line.
Aha, I figured out why the vulnerability failure was happening (changes that only exist on my machine). Doh!
I don't see why the CI build is failing in py39. I may push a change to update the poetry version (a shot in the dark to see if it helps). Happy to revert if it is no help.
Thanks for the PR, and apologies for the slow replies.
Don't worry, as you can see I also struggle finding time to contribute to FOSS! I hope I addressed everything in the last two commits! |
README.md
Outdated
| @@ -303,26 +318,41 @@ Access Sonatype's proprietary vulnerability data using `jake`: | |||
| ``` | |||
| > jake iq --help | |||
|
|
|||
| usage: jake iq [-h] -s https://localhost:8070 -i APP_ID -u USER_ID -p PASSWORD [-t STAGE] | |||
| usage: jake iq [-h] -s https://localhost:8070 -i APP_ID -u USER_ID -p PASSWORD [-st STAGE] | |||
There was a problem hiding this comment.
So....don't shoot me for only thinking of this now, but another thought occurs: Would it be better (to avoid breaking changes) to make the new FILE_PATH arg be -f? (I would have no preference as to whether to keep --input or use something like --file-input for the long argument).
I mention this because while reviewing, I noticed the docs missed updating the -i to -a on line 321.
Also, I usually try to run the jake iq --help command in a terminal, and copy/paste the output into these docs. That helps ensure the docs/help are current too.
Question: Have you verified if the "old" iq arguments cause an exception? I'd rather we fail loudly (than silently) due to a breaking change. For example, if -i appId ... -t stage fails loudly when run with the newest changes?
There was a problem hiding this comment.
So is it ok to also change sbom's -i option to -f? I thought that I had to always use the -i flag for uniformity (and to DRY the code), but I just started using jake and don't really know what are the most used flags that are worth keeping.
You're right I should have used the --help flag to update the docs, I was being too lazy!
There was a problem hiding this comment.
So I went for the -f route for every command, and reverted what I could to before. -st has to stay to avoid conflicts with --type shorthand.
iq fails if the -t flag is used for stage since it only accepts the supported file formats.
Now the docs are in sync with the code!
This pull request makes the following changes:
SbomCommand._get_parser()method into a function in its ownparser_selectormoduleadd_parser_selector_argumentsfunction in the same moduleddtandiqcommands.BREAKING CHANGE: changed iq -i switch to -a, removed sbom -t switch (only -it works)
It relates to the following issue #s:
jake ddtorjake iq#104cc @bhamail / @DarthHater