Compatibility script: fossa report attribution --json
#397
@meghfossa removed your request for review for now because these build scripts are causing me grief. Once I have it figured out I'll re-request from you!
vendor_download.sh
|
||
echo "Vendored binaries are ready for use" | ||
ls -lh vendor/ | ||
echo "Vendor-binsed binaries are ready for use" |
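Review bot: the message on the last line, "Vendor-binsed binaries are ready for use", looks like an accidental hit from renaming vendor to vendor-bins; keep the original wording "Vendored binaries are ready for use". While here, confirm that the "ls -lh vendor/" line lists the renamed directory, since the script would otherwise report on a folder that no longer exists.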
I'm guessing a find-and-replace caught this one.
woops! 😅
@kitified Does attribution require specific permission or FF enabled for the org? (I'm getting FOSSA API: no permission) error - this is with my free seat account on app.fossa.com.
@meghfossa you have to run it with a full token, otherwise I'm not aware of anything special.
Please look at comments on GitHub Build workflow before merging!
Other than that LGTM.
- Can you also add an issue in backlog to remove this mode post April 2022?
- It would be nice if you can modify Makefile to build compat-attribution in this PR as well.
Changelog.md
@@ -1,5 +1,9 @@ | |||
# Spectrometer Changelog | |||
|
|||
## Unreleased |
Let's have a dedicated release, since we are adding a new executable in distribution
Agreed - I always make a final commit right before merging which sets the appropriate release number.
@meghfossa is there a specific reason you want this? I personally would rather we didn't, as we don't build other targets in the makefile already (for example,
That's a good catch on pathfinder not existing on makefile - I take this back, feel free to ignore this comment.
Overview
Adds a compatibility script for fossa attribution --json.
Acceptance criteria
The sole exception to this is that FOSSAv1 sometimes outputs Notes keys (which are arrays of strings) with a single zero-value string, but sometimes not. The FOSSAv2 version of the report consistently reports an empty array in these cases, so we don't really have a way to reproduce this exactly.
Example:
Testing plan
- fossa report attribution --json on that same project using both FOSSA v1 and v2. Save their outputs to disk and note the differences.
- fossa report attribution --json | go build scripts/compat-attribution/main.go using FOSSA v2. Save its output to disk.
Risks
Not very risky.
Potentially Contentious Decisions
I set up a Go project at the root of Spectrometer to make this happen.
I originally spent a fair amount of time trying to hack this with something like jq in pure bash because I wanted to avoid this, but it quickly became a mess. Rather than go down that route I decided that this was the more reasonable option. Happy to discuss it with the team if there are strong objections though.
This is also why I moved the vendor/ folder to vendor-bins/: the existence of a vendor/ folder made Go very sad indeed.
Checklist
- docs/.
- Changelog.md if this change is externally facing. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.
Also I didn't include any tests because:
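
Added example, not part of this PR or of the compat-attribution script: a Go helper for the comparison step in the testing plan that treats the FOSSA v1 quirk described above (a Notes array holding a single empty string) as equal to the v2 empty array, and reports where the quirk occurred. The names normalize and Equivalent and the sample keys Deps and Package are assumptions; only the Notes key comes from the PR description.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"sort"
)

// Constructed sample reports; every key except "Notes" is an assumed placeholder.
const v1Sample = `{"Deps":[{"Package":"a","Notes":[""]},{"Package":"b","Notes":["x"]}]}`
const v2Sample = `{"Deps":[{"Package":"a","Notes":[]},{"Package":"b","Notes":["x"]}]}`

// normalize rewrites every "Notes": [""] to "Notes": [] in place and records its path.
func normalize(path string, v interface{}, hits *[]string) {
	switch t := v.(type) {
	case map[string]interface{}:
		for k, c := range t {
			if a, ok := c.([]interface{}); ok && k == "Notes" && len(a) == 1 && a[0] == "" {
				t[k] = []interface{}{}
				*hits = append(*hits, path+"."+k)
			}
			normalize(path+"."+k, c, hits)
		}
	case []interface{}:
		for i, c := range t {
			normalize(fmt.Sprintf("%s[%d]", path, i), c, hits)
		}
	}
}

// Equivalent reports whether the reports match after normalizing, plus the quirk paths.
func Equivalent(v1, v2 string) (bool, []string, error) {
	var docs [2]interface{}
	var hits []string
	for i, s := range []string{v1, v2} {
		if err := json.Unmarshal([]byte(s), &docs[i]); err != nil {
			return false, nil, err
		}
		normalize("$", docs[i], &hits)
	}
	sort.Strings(hits)
	return reflect.DeepEqual(docs[0], docs[1]), hits, nil
}

func main() {
	fmt.Println(Equivalent(v1Sample, v2Sample))
}
```

A [""] value under any key other than Notes is left alone, so it still counts as a difference.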