Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(adv): rebase command and library functionality #1436

Merged
merged 2 commits into from
Feb 11, 2025
Merged

feat(adv): rebase command and library functionality #1436

merged 2 commits into from
Feb 11, 2025

Conversation

luhring
Copy link
Member

@luhring luhring commented Feb 8, 2025
edited
Loading

Adds a new command: wolfictl adv rebase — along with the accompanying library functionality.

This new command is useful for replaying the latest advisory event from one or more advisories in a "source" directory onto corresponding advisory data in a "destination" directory. detection events and fixed events are not copied. Newly added events use the current timestamp so they'll pass validation. Any net new advisories are given a newly generated CGA ID.

This is useful for when a package Melange file is copied from one repo to another, and the new instance of the package may have already accumulated some advisory data (e.g. detection events), but any conclusions from the original repo's advisory data should be applied to the new repo's advisory data as well.

Syntax

wolfictl adv rebase <path-to-source-advisories-file.yaml> <path-to-destination-directory>

Example

wolfictl adv rebase ./argo-cd-2.8.yaml ../enterprise-advisories

Note: This PR also smooths out the testerfs implementation to make it easier to use filesystem test fixtures to observe whether code under test had the desired impact on the filesystem.

@luhring
feat(adv): rebase
60ffcdb 
A new CLI command and library operation that copies select advisory data for a given package from its instance in one directory to that in another directory.

This also significantly improves the testerfs implementation and its use in build configs tests.

Signed-off-by: Dan Luhring <[email protected]>
@luhring luhring changed the title feat(adv): rebase (wip) feat(adv): rebase command and library functionality Feb 9, 2025
@luhring luhring marked this pull request as ready for review February 9, 2025 22:22
@luhring
fix(adv): exempt fixed events from rebase
6d28166 
Because they are meant to describe fixes and fixed versions from the old APK repository, not the new APK repository.

Signed-off-by: Dan Luhring <[email protected]>
cpanato
cpanato approved these changes Feb 11, 2025
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

thanks

@luhring luhring merged commit b0f7eaa into wolfi-dev:main Feb 11, 2025
8 checks passed
@luhring luhring deleted the rebase branch February 11, 2025 12:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@luhring @cpanato