docs: add commit finder tutorial using Arrow library #597

Merged
merged 8 commits into from
Jan 17, 2024

@benmss benmss commented Jan 10, 2024

This PR adds a new tutorial demonstrating the capabilities and usage of the commit finder feature. It highlights how Macaron can report on differences between two versions of the same artifact by analysing the repository's related states. The Arrow Python library is used as a demonstration project.

Closes #500

Signed-off-by: Ben Selwyn-Smith <benselwynsmith@googlemail.com>
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Jan 10, 2024
@benmss benmss changed the title chore: add commit finder tutorial using Arrow library docs: add commit finder tutorial using Arrow library Jan 10, 2024
@benmss benmss linked an issue Jan 10, 2024 that may be closed by this pull request
@benmss benmss self-assigned this Jan 10, 2024
@benmss benmss marked this pull request as ready for review January 12, 2024 00:43
@benmss benmss requested review from nathanwn and removed request for tromai January 12, 2024 00:50
nathanwn commented Jan 12, 2024

Thanks for the tutorial. Here are some of my comments:

  • I think the flow of the tutorial is fine. Showcasing the different results between two different versions is a good idea.
  • I'm not so sure that the use of the term "artifact(s)" in different places would be more appropriate than "software component(s)". I think the latter could be more appropriate in certain places in the tutorial, given how Macaron works right now.
  • A suggestion: I'm not sure if we have decided that this tutorial is to be just about the macaron analyze command. If it is a standalone tutorial within its own page, and we decide that "macaron verify-policy should be part of every meaningful use case of Macaron", then there may be an argument for also going through a macaron verify-policy command. If that is the case, I would recommend the following policy, which I think is quite appropriate for the tutorial:
#include "prelude.dl"

Policy("has-build-service", component_id, "Require build with build scripts.") :-
    check_passed(component_id, "mcn_build_service_1").

apply_policy_to("has-build-service", component_id) :-
    is_component(component_id, purl),
    match("pkg:pypi/arrow.*", purl).

The policy named "has-build-service" here verifies if the software component with id component_id passes the "mcn_build_service_1" check. This policy is then applied to all software components having their PURL starting with pkg:pypi/arrow (i.e. they are a software component corresponding to some version of the Arrow package).

You can then also use the output of the macaron verify-policy command to highlight the different analysis results.

2024-01-12 16:57:14,121 [INFO] Policy results:
component_satisfies_policy
    ['1', 'pkg:pypi/arrow@1.3.0', 'has-build-service']
component_violates_policy
    ['2', 'pkg:pypi/arrow@0.15.0', 'has-build-service']

This should be better than telling the user to "copy and backup the HTML file because it will be overwritten by Macaron", which sounds like an inconvenience created on Macaron's side. Doing it this way also better demonstrates how Macaron is "supposed" to be used, to some extent at least. Having said that, I think you should still showcase the HTML reports because it adds some visual elements to the tutorial.
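
An added example, not part of the review comment or of Macaron's own code: a small parser for the verify-policy output quoted in the comment above, which lists the versions that violate a policy so a script can compare two analysed versions. It assumes the log layout is exactly as quoted; `parse_policy_results` and `violations_by_package` are hypothetical helper names.

```python
import ast
from collections import defaultdict

# Constructed sample: the verify-policy output quoted in the review comment.
SAMPLE_LOG = """\
2024-01-12 16:57:14,121 [INFO] Policy results:
component_satisfies_policy
    ['1', 'pkg:pypi/arrow@1.3.0', 'has-build-service']
component_violates_policy
    ['2', 'pkg:pypi/arrow@0.15.0', 'has-build-service']
"""

RELATIONS = ("component_satisfies_policy", "component_violates_policy")


def parse_policy_results(log_text):
    """Return {relation: [(component_id, purl, policy), ...]} from the log text."""
    results = {name: [] for name in RELATIONS}
    current = None
    in_results = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.endswith("Policy results:"):
            in_results, current = True, None
        elif not in_results or not stripped:
            continue
        elif stripped in RELATIONS:
            current = stripped
        elif stripped.startswith("[") and current:
            row = ast.literal_eval(stripped)  # parses literals only, never eval()
            if isinstance(row, list) and len(row) == 3:
                results[current].append(tuple(str(x) for x in row))
        else:
            in_results = False  # any other line ends the results block
    return results


def violations_by_package(results):
    """Group violating versions by (PURL without version, policy name)."""
    grouped = defaultdict(list)
    for _cid, purl, policy in results["component_violates_policy"]:
        # Assumption: every PURL carries an @version suffix, as in the sample.
        name, _, version = purl.rpartition("@")
        grouped[(name, policy)].append(version)
    return dict(grouped)


if __name__ == "__main__":
    parsed = parse_policy_results(SAMPLE_LOG)
    for (name, policy), versions in violations_by_package(parsed).items():
        print(f"{name} violates {policy}: {', '.join(versions)}")
    raise SystemExit(1 if parsed["component_violates_policy"] else 0)
```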

@benmss benmss merged commit 08f5fcf into staging Jan 17, 2024
9 checks passed
art1f1c3R pushed a commit that referenced this pull request Nov 29, 2024
Successfully merging this pull request may close these issues.

Add a tutorial for the commit finder