Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MergeCommand: add options to --validate-output(-relaxed) … #335

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

MergeCommand: add options to --validate-output(-relaxed) … #335

wants to merge 3 commits into from

Conversation

jimklimov
Copy link
Contributor

@jimklimov jimklimov commented Aug 21, 2023
edited
Loading

…and optionally avoid writing an invalid document

Came up while testing CycloneDX/cyclonedx-dotnet-library#245 but is a relatively independent feature, given that we juggle several versions of faulty merge generator and JSON validator (in-tree and after respective PR merges).

This little change compiles independently and can also be used to check the original bug for that PR in one command, not two (merge+validate) and even allows to protect the output file from changes ;)

In-tree code sees no evil, hears no evil, does not complain.

Library with validate-json-bomref branch does complain for the same inputs:

...
Processing input file tpb-cucumber-2.5.14-cyclonedx.json
    Contains 180 components
Processing input file tpb-cucumber-2.5.21-cyclonedx.json
    Contains 180 components
Processing input file tpb-cucumber-2.5.26-cyclonedx.json
    Contains 180 components
Processing input file tpb-cucumber-2.6.1-cyclonedx.json
    Contains 184 components
Loaded 317 input document(s) with 28886 components originally (overlaps to merge are possible)      
Beginning merge processing (this can take a while)
Validating merged BOM...
'bom-ref' value of pkg:maven/com.google.errorprone/error_prone_annotations@2.18.0?type=jar: expected 1 mention, actual 3
'bom-ref' value of pkg:maven/io.cucumber/cucumber-core@7.11.0?type=jar: expected 1 mention, actual 2
'bom-ref' value of pkg:maven/io.cucumber/cucumber-gherkin@7.11.0?type=jar: expected 1 mention, actual 2
'bom-ref' value of pkg:maven/io.cucumber/cucumber-gherkin-messages@7.11.0?type=jar: expected 1 mention, actual 2
'bom-ref' value of pkg:maven/io.cucumber/gherkin@26.0.3?type=jar: expected 1 mention, actual 2
'bom-ref' value of pkg:maven/io.cucumber/messages@21.0.1?type=jar: expected 1 mention, actual 2
'bom-ref' value of pkg:maven/io.cucumber/tag-expressions@5.0.1?type=jar: expected 1 mention, actual 2
...
Merged BOM is not valid.
    Total 1352 components


real    1m41.539s
user    0m0.015s
sys     0m0.015s

$ echo $?
6
  • note the lack of Writing output file... ;)

FWIW, with the full stack of relevant PRs in discussion applied locally, it is much faster and does dedup well (definition of "well" may vary though, see CycloneDX/cyclonedx-dotnet-library#245):

...
Loaded 317 input document(s) with 28886 components originally (overlaps to merge are possible)      
Beginning merge processing (this can take a while)
Validating merged BOM...
Merged BOM validated successfully.
Writing output file...
    Total 661 components

real    0m17.277s
user    0m0.000s
sys     0m0.046s

@jimklimov
MergeCommand: add options to --validate-output(-relaxed) and optional…
ee2182d 
…ly avoid writing an invalid document

Signed-off-by: Jim Klimov <jimklimov@gmail.com>
@jimklimov jimklimov mentioned this pull request Aug 21, 2023
Open
@jimklimov
MergeCommand.cs: fix handling of "--validate-output-relaxed" flag to …
ed8e30b 
…do write the file for troubleshooting

Signed-off-by: Jim Klimov <jimklimov@gmail.com>
@jimklimov
Merge remote-tracking branch 'upstream/main' into merge-validate
0befcfe 
Signed-off-by: Jim Klimov <jimklimov@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jimklimov