SPDX expression support improvements #2965
Conversation
Signed-off-by: nscuro <[email protected]>
Signed-off-by: nscuro <[email protected]>
Signed-off-by: nscuro <[email protected]>
New columns will be handled by DataNucleus Signed-off-by: nscuro <[email protected]>
With the addition of new test cases, sometimes tests executed later get additional events / notifications that were not sent during their execution, but potentially by the test executed before them. Signed-off-by: nscuro <[email protected]>
Signed-off-by: nscuro <[email protected]>
…tenceManager` Signed-off-by: nscuro <[email protected]>
Are unfinished asynchronous tasks using the database a problem? 🤔 Signed-off-by: nscuro <[email protected]>
|
Thanks for following up on this, and making improvements where I was lacking knowledge about the framework's capabilities or intricacies 🚀 |
Thank you @hborchardt for contributing what you have been able to! Sometimes we don't get enough time or have the knowledge (im sure you can reference my PR thats been open for eons now 😸 ) |
| @@ -136,7 +130,7 @@ public void informTest() throws Exception { | |||
| final byte[] bomBytes = Files.readAllBytes(Paths.get(getClass().getClassLoader().getResource("bom-1.xml").toURI())); | |||
|
|
|||
| new BomUploadProcessingTask().inform(new BomUploadEvent(project.getUuid(), bomBytes)); | |||
| assertConditionWithTimeout(() -> NOTIFICATIONS.size() >= 5, Duration.ofSeconds(5)); | |||
| assertConditionWithTimeout(() -> NOTIFICATIONS.size() >= 6, Duration.ofSeconds(5)); | |||
There was a problem hiding this comment.
i see this is being changed from notification size >= 5 ... to 6. Is this a 1 to 1 mapping with duration of seconds? @nscuro
There was a problem hiding this comment.
It's an inconsistency in assertions that I noticed while debugging another issue with this test.
This statement is waiting for 6 (previously 5) notifications to be sent, and will wait up to 5 seconds for this to happen.
It's more or less a means of ensuring all asynchronous processing has completed before doing further assertions.
The actual notification content is being asserted later in the test:
I noticed that the above assertion is checking for 6 notifications, not just 5... :D
|
|
||
| final byte[] bomBytes = """ | ||
| { | ||
| "bomFormat": "CycloneDX", |
There was a problem hiding this comment.
if this is a test to upload a bom that is of SPDX, should we include appropriate spdx nomenclature outside of just the license? I suspect if someone uploads an SPDX bom, they would want that information to stay when downloading it too.
There was a problem hiding this comment.
SPDX BOMs are not supported at all right now; Uploads of such BOMs will be rejected. We have #1746 open, but doesn't look like we're going to address that anytime soon.
For this change, we just want to ensure that SPDX license expressions within a CDX BOM are correctly ingested.
There was a problem hiding this comment.
🤦♀️ for various reasons we discussed... i swear it was! Thanks for bringing me back to reality 😺
There was a problem hiding this comment.
@nscuro 👨💻 guru! awesome changes in such a short amount of time. I had 2 comments that could be easy for you to answer/address. Hopefully you can take a look before merging!
Description
Building upon #2400, this PR adds missing functionality for setting license expressions via REST API, and adds expression validation for both REST API and BOM ingestion.
Invalid expressions submitted via frontend or REST API will result in an API error, whereas invalid expressions encountered during BOM ingestion will be logged and skipped.
Addressed Issue
N/A
Additional Details
N/A
Checklist
This PR fixes a defect, and I have provided tests to verify that the fix is effectiveThis PR introduces changes to the database model, and I have added corresponding update logicThis PR introduces new or alters existing behavior, and I have updated the documentation accordingly