Tool compatibility checks #3632
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
oheger-bosch
requested review from
fviernau,
mnonnenmacher and
sschuberth
as code owners
sschuberth
reviewed
Feb 13, 2021
| * date when this version was released. When using such versions, ranges can be constructed that span a specific | ||
| * period around a base version; so this would cover releases within a specific time frame. | ||
| */ | ||
| data class SemanticVersionRange( |
There was a problem hiding this comment.
Are you aware of com.vdurmont.semver4j.Requirement, or the various comparison function of Semver, like Semver.diff()? They seem to serve a similar purpose as this new class.
There was a problem hiding this comment.
I had a look at these features, but they did not seem to do quite the thing that was needed. After having a second look, the Requirement class could be a replacement for specifying a minimum and maximum version; the user could rather provide an expression following NPM versioning guides. This would, however, still not handle these delta checks and CalVers.
But do you agree in principle that we should support such kind of configuration as "a version that differs only in the patch level from the scanner used by ORT" or "a CalVer released in a specific time frame to the scanner used by ORT"?
oheger-bosch
force-pushed
the
oheger-bosch/scanner/storage_compatibility
branch
from
a62786d
to
fd7d357
Compare
This is a rather generic class to define whether a specific tool in a concrete version is considered compatible. So far the class allows specifying the tool name several criteria to check for the tool version; it is going to be extended later to take command line arguments into account as well. The class is going to be used by scan result storages to determine whether a result produced by a concrete scanner version is compatible with the current scanner. Signed-off-by: Oliver Heger <oliver.heger@bosch.io>
Add a ToolCompatibilityMatcher class that is configured with a list of ToolCompatibilityConfiguration objects. When asked for the compatibility of a specific tool version the class tries to find a configuration that applies to this tool and match it against the criteria specified there. This concept is rather generic. It is going to be used by scan result storages to check the compatibility of stored scan results against the current scanner version. Signed-off-by: Oliver Heger <oliver.heger@bosch.io>
Each scan storage configuration now contains a list of ToolCompatibilityConfiguration objects defining acceptance criteria for specific scanners. The goal of this change is to move the configuration of the compatibility of scan results from the scanner options to the configuration of scan result storages. This is more natural, as this configuration is actually evaluated by scan result storages when they are queried for scan results stored for a specific scanner. Another advantage is an increased flexibility: Acceptance criteria for scan results can now be configured not only per scanner but per scanner and scan result storage. Signed-off-by: Oliver Heger <oliver.heger@bosch.io>
oheger-bosch
force-pushed
the
oheger-bosch/scanner/storage_compatibility
branch
from
fd7d357
to
5abe25e
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is related to #3223; it is a preparation for doing more advanced compatibility checks on tool versions as required by scan result storages to check the compatibility of stored scan results.
The PR introduces the following components:
reference.conffor example configurations.The configurations for scan result storages have been updated to support the new compatibility configuration, but this is not yet evaluated; so this should not break existing configurations. When integrating this mechanism into the scan result storages, it is planned to make the compatibility configuration optional and keep the current behavior if it is missing.
Later on, the compatibility configuration is going to be extended to support (command line) options for tools as well.