Validation should only occur under API 0.7 #108

Merged
merged 1 commit into from
Jan 11, 2022

@dmikusa dmikusa (Contributor) commented Jan 10, 2022

  • Adds API checks before validating SBOM format, should only happen with API 0.7+
  • Adds a test to confirm validation does not run if the API is less than 0.7.

Resolves #107

Signed-off-by: Daniel Mikusa [email protected]

@dmikusa dmikusa added type:bug A general bug semver:patch A change requiring a patch version bump labels Jan 10, 2022
@dmikusa dmikusa requested a review from sambhav January 10, 2022 21:36
if err := validateSBOMFormats(ctx.Layers.Path, ctx.Buildpack.Info.SBOMFormats); err != nil {
config.exitHandler.Error(fmt.Errorf("unable to validate SBOM\n%w", err))
return
if API != "0.1" && API != "0.2" && API != "0.3" && API != "0.4" && API != "0.5" && API != "0.6" {
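Review bot: the condition on the `if API != "0.1" && ... && API != "0.6"` line is a deny-list of exact strings, so any value not spelled exactly like one of those six (an empty API, or a version string with different formatting) falls through and runs `validateSBOMFormats`. Consider parsing the API into major and minor numbers and comparing numerically, and add a test for the empty or unparseable case alongside the new "less than 0.7" test.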
Member

Shall we just check if api == 0.7 for now? We can add semver parsing later.

Contributor Author

I went with this approach because it is future proof and doesn't need changing in the future. It is very ugly though.

I'm not opposed to just matching on 0.7, but I worry that'll cause something to break in the future.

+100 for better API matching. That should be a target for v2. We should also look at some possible patterns for coding multiple version support in sane ways. IMHO, having `if version == xyz` blocks all over is hard to maintain. There's got to be something better we can do there for v2.

@sambhav sambhav merged commit 896a63b into buildpacks:main Jan 11, 2022
@dmikusa dmikusa deleted the gh_issue_107 branch March 5, 2022 19:09
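
The version-matching question discussed in this thread, as an added Go example (not code from this PR or from the buildpacks project): it puts the string deny-list from the diff next to a numeric comparison that returns an error on input it cannot parse. The names `denyListGate` and `apiAtLeast` are hypothetical, the `MAJOR.MINOR` format is an assumption, and the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// denyListGate mirrors the condition in the diff: validation runs for any
// API string that is not exactly one of "0.1" through "0.6".
func denyListGate(api string) bool {
	switch api {
	case "0.1", "0.2", "0.3", "0.4", "0.5", "0.6":
		return false
	}
	return true
}

// apiAtLeast (hypothetical helper) parses "MAJOR.MINOR" (assumed format) and
// compares it numerically. Input that does not parse is returned as an error,
// so the caller decides how to handle it instead of silently validating.
func apiAtLeast(api string, minMajor, minMinor uint64) (bool, error) {
	parts := strings.Split(api, ".")
	if len(parts) != 2 {
		return false, fmt.Errorf("invalid buildpack API %q: want MAJOR.MINOR", api)
	}
	// ParseUint rejects signs, spaces and empty strings.
	major, err := strconv.ParseUint(parts[0], 10, 16)
	if err != nil {
		return false, fmt.Errorf("invalid buildpack API %q: %w", api, err)
	}
	minor, err := strconv.ParseUint(parts[1], 10, 16)
	if err != nil {
		return false, fmt.Errorf("invalid buildpack API %q: %w", api, err)
	}
	if major != minMajor {
		return major > minMajor, nil
	}
	return minor >= minMinor, nil
}

func main() {
	// Constructed sample inputs, not taken from the PR.
	for _, api := range []string{"0.6", "0.7", "0.10", "1.0", "", "0.6 "} {
		ok, err := apiAtLeast(api, 0, 7)
		fmt.Printf("%-6q denyList=%-5v parsed=%-5v err=%v\n", api, denyListGate(api), ok, err)
	}
}
```

Both gates agree on well-formed versions; they differ only on the empty and trailing-space inputs, where the deny-list enables validation and the parser reports an error.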
Successfully merging this pull request may close these issues.

SBOM validation fails if buildpack API is 0.6