Add yardstick labels symlink to gitignore #151

Merged (6 commits) on Aug 24, 2023

@wagoodman (Contributor) commented Aug 24, 2023

A few changes were made in this PR:

  • while troubleshooting it would have been nice to see a little more information in the output, so verbosity has been increased
  • similarly, there is nice formatting that is disabled due to the environment, so I've forced it to be enabled
  • the labels should never be behind or we risk not building a DB due to stale labels. I've updated the git submodule to track the main branch of the vulnerability-match-labels repo. If ever there is an issue in the future, we can pin back to a specific version.
  • the .gitignore was incorrectly ignoring the data/yardstick/labels directory. This has been corrected.
  • bumped the unlabeled matches gate from 25% to 35% as a workaround for v1 and v2 rpm epoch issues.

More on the gitignore change...

This is not valid:

# .gitignore
/data
!/data/yardstick/labels

Tip of the hat to https://stackoverflow.com/questions/3203228/git-ignore-exception/72380673#72380673 on this one.

When running the production run yesterday there were no relative comparison differences so the labels were not used. However, today there happened to be differences, so the labels were attempted to be used, but the link was not checked in, so it was as if there were no labels. The gate (correctly) failed since there were too many matches that were unlabeled.
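
Why the pattern quoted above has no effect, as an added example that is not part of the PR or the project's repository: git does not descend into a directory that is itself excluded, so a negation beneath it never applies. `FIXED` is an assumed working form (the page does not show the pattern that was merged), and `data/cache.db` and the symlink target are constructed.

```shell
#!/bin/sh
# Added example: compare two .gitignore bodies with `git check-ignore`.
# Paths under data/ are constructed; the symlink target is a dangling placeholder.

# Pattern quoted in the PR description as "not valid".
BROKEN='/data
!/data/yardstick/labels'

# Assumed working form: ignore the *contents* of each directory level so git
# still descends into it, then re-include the one entry that must be committed.
FIXED='/data/*
!/data/yardstick/
/data/yardstick/*
!/data/yardstick/labels'

# check_path <gitignore-body> <path>: prints "ignored", "not-ignored" or "error"
check_path() {
    repo=$(mktemp -d) || return 2
    status=0
    (
        cd "$repo" || exit 2
        # Keep the user's global git config and ignore file out of the result.
        HOME=$repo XDG_CONFIG_HOME=$repo/.xdg
        export HOME XDG_CONFIG_HOME
        git init -q . 2>/dev/null || exit 2
        mkdir -p data/yardstick
        ln -s ../../labels-src data/yardstick/labels
        : > data/cache.db
        printf '%s\n' "$1" > .gitignore
        rc=0
        git check-ignore -q "$2" || rc=$?
        case $rc in
            0) echo ignored ;;      # exit 0: the path is ignored
            1) echo not-ignored ;;  # exit 1: the path is not ignored
            *) echo error ;;
        esac
    ) || status=$?
    rm -rf "$repo"
    return $status
}

for name in BROKEN FIXED; do
    eval "body=\$$name"
    printf '%-6s labels=%s cache.db=%s\n' "$name" \
        "$(check_path "$body" data/yardstick/labels)" \
        "$(check_path "$body" data/cache.db)"
done
```

Running the same `git check-ignore` call in CI before the gate starts would surface a silently ignored labels link as a failed check rather than as a run with no labels.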

@wagoodman requested a review from a team August 24, 2023 13:27
@wagoodman self-assigned this Aug 24, 2023
@wagoodman marked this pull request as draft August 24, 2023 14:20
@wagoodman marked this pull request as ready for review August 24, 2023 15:11
@wagoodman (Contributor, Author) commented:

It looks like the v1 and v2 schemas will not pass validation. A further look shows that this is mainly due to the fact that RPMs at these grype versions did not have epoch captured, thus the labels are not matching appropriately.

Adding labels for these matches is not the right thing to do since they would not be accurate. Adding an exception to not validate the v1 and v2 DBs also isn't a good idea since we still want to protect against possible publishing issues. We could bump the gate configuration, however this will apply to all images for all DB schemas. This last approach is the lesser of all evils, so I'll make that update here, but ultimately we need to drop support for v1 and v2 schemas in the near future (which was always the plan).

@wagoodman merged commit f3fb6e4 into main Aug 24, 2023
13 checks passed
@wagoodman deleted the fix-labels-git-ignore branch August 24, 2023 15:34
@westonsteimel added the changelog-ignore label (Don't consider when generating the changelog) Aug 25, 2023
willmurphyscode pushed a commit that referenced this pull request Mar 27, 2024
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.2.2 to 7.3.1.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@7.2.2...7.3.1)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>