Add experimental support for dry run #698
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #698 +/- ##
==========================================
- Coverage 78.86% 78.50% -0.36%
==========================================
Files 84 84
Lines 5943 5965 +22
==========================================
- Hits 4687 4683 -4
- Misses 1054 1076 +22
- Partials 202 206 +4 ☔ View full report in Codecov by Sentry. |
|
Decided to make it an experimental feature for now (I guess if user feedback has it change for some reason, though I don't believe users will throw this into scripts or anything like that). Took some time trying to figure out how to implement this without making many non-DRY changes or having to resort to changing public API; my current approach is to "mock" the It seems to work fine for the . . .
Scanning directory for vendored libs: /workspaces/osv-scanner/internal/thirdparty
Scanning potential vendored dir: /workspaces/osv-scanner/internal/thirdparty/ar
POST https://api.osv.dev/v1experimental/determineversion
POST https://api.osv.dev/v1/querybatch
vscode ➜ /workspaces/osv-scanner (support-dry-run) $ but I wish to have a discussion about the following questions that came up:
Please let me know if I missed any API endpoints |
|
Thanks! I think the current implementation for dry run looks pretty good! However this does add quite a bit of complexity, and the problem where there are dependencies in the requests like you mentioned in point 2. That's why I was thinking maybe going with a verbose but not dry run option, which would be easier to implement, but still work for someone trying to learn what info is being sent when running osv-scanner. For users with very sensitive dependencies they will have to use the
Yes, reporter is the way to go. If we don't need to do the dry-run option, another way to implement this is to extend the reporter to print different verbosity levels (err, warn, info, verbose...) (which I want to do anyway in the future), this could make the implementation for a verbose mode quite straightforward - store the verbosity level in reporter, and add print statements to all the Yes I think POST bodies should be printed out, they are probably what someone trying to understand what information osv-scanner is sending out want to see.
See above about still logging the queries, just without a dry-run. I'm not sure the dry-run feature is worth it to have to cover these cases.
The best way to test this is probably to add tests to
Yes, I think we should also print out what data queries are sending too. |
|
By the way, do you also personally have a specific use case in mind for needing dry-run instead of just a verbosity flag as well? |
|
Thanks for reviewing this @another-rex!
I think defining verbosity levels is a great idea compared to the limitations I currently see with implementing a dry run mode (i.e. point 2). I agree with you that a dry run mode may not be useful given that users can now opt to perform their scan locally (it seems this feature was made long after the issue I'm trying to solve was made).
No use case for wanting a dry run mode, just saw an open issue and wanted to see if I could resolve it :^). If there is an interest for a verbose option, I could try tackling this in a different PR. From what I understand what should be done here is 2-fold:
Edit: Actually I think these should be two separate PRs as I now think implementing verbosity levels maybe a tad more complicated then how I describe it here 😅 |
|
Technically adding additional functions to the Because of the additional complexity required to keep compatibility let's just go ahead and add those methods directly onto Reporter and update the various reporter presets we have to also implement the new methods. We probably should make the reporter interface itself internal as well to make sure no other implementations exist in the future, but I'll do that in a separate PR. |
|
Gotcha, I'll close this PR and set my sights on implementing verbosity levels for the |
|
Hey @another-rex, FYI I haven't forgot about this but decided to wait until #706 is merged to start tackling this 👍 |
When I originally implemented `Reporter`, IDEs such as GoLand didn't support custom `Printf` functions so I stuck with plain methods and did the `fmt` formatting on the string; that's changed as of GoLand 2023.3 via [GO-5841](https://youtrack.jetbrains.com/issue/GO-5841) 🎉 Technically adding to `Reporter` is a breaking change but as covered [in this comment](#698 (comment)): > I believe there are no other implementations (at least public on github, from a quick code search) of this interface, and there are no good use cases for implementing this manually instead of using one of the preset implementations we provide. Either way I think it's better to land these ASAP to reduce the blast radius then to carry them around for possibly a lot longer - note that I'm not strictly against deprecating/removing `PrintText` and `PrintError` though I don't think there's a lot of value in keeping them. As penance, I've also added rich method comments for the interface. (having said that, since this is a breaking change already maybe we should just remove `PrintText` and `PrintError` right now)
Inspired by what was discussed in #698, this PR makes the necessary (breaking) changes to the `reporter` package such that the `Reporter` interface now provides methods for printing at certain levels (i.e. ErrorLevel, WarnLevel, InfoLevel, and VerboseLevel). It also adds a --verbosity option so that users/automated tools can take advantage of this too. --------- Co-authored-by: Rex P <[email protected]>
Works towards #303.