Integrate OpenScanHub with Packit #2107

Closed
3 tasks done
lachmanfrantisek opened this issue Jun 29, 2023 · 7 comments
Labels
complexity/epic Lost of work ahead, planning/design required.

Comments

@lachmanfrantisek
Member

lachmanfrantisek commented Jun 29, 2023

As a package developer, I would like to see the result of the OpenScanHub analysis for my package so I am able to fix the possible issues when a new change is introduced.

  • Implement OpenScanHub integration in Packit core.
  • Implement a new handler to trigger the new OpenScanHub job after the Copr build is done.
  • Support differential check by sending the build from the base branch.

In the meantime, as a workaround, people can use csmock in testing farm as being tried in packit/hello-world#1530 (similar to example rpminspecsetup)

@lachmanfrantisek lachmanfrantisek added the complexity/epic Lost of work ahead, planning/design required. label Jun 29, 2023
@lachmanfrantisek
Member Author

lachmanfrantisek commented Jul 3, 2023

Since our capacity for Q3 is a bit limited, we -- as a Packit team -- decided to focus on other epics (see the board). For now, people can use csmock directly (as documented at https://packit.dev/docs/configuration/upstream/tests/#csmock ).

But hopefully, people from OpenScanHub will help us with the implementation.

(The details are still yet to be decided.)

@lachmanfrantisek
Member Author

We didn't pick this as a top Packit team priority for the next quarter, but anyone can still help us make this happen. We are open to any collaboration and have successfully implemented/started multiple efforts thanks to people outside of the Packit team.

Here, we still have a workaround and we can even improve this workaround by adding the plan to the github.com/packit/tmt-plans (~ a shared library of various tmt plans) that is currently being created...

@lachmanfrantisek
Member Author

We've met with Situ and here are some updates:

  • If not allowed by default, people might not start using this functionality. (Static analysis might not look like a cool thing..;) => We can start with doing this automatically as a next step after the Copr build. (Have a config flag for this.)
  • We should use differential check but this requires target branch builds to be configured.
  • MVP does not need to resolve reporting -- we can start with the OpenScanHub task URL in the check run page and leave it to the user. (Reporting the result might be done later.)
  • If we give Situ pointers and guidance, he's willing to try the implementation. (Would be nice to let him implement the core functionality and the Packit team to do the service part.)

Two issues that would help with the implementation

@lachmanfrantisek
Member Author

Small update:

@lachmanfrantisek
Member Author

lachmanfrantisek commented Sep 5, 2024

I am going to mark this epic as finished since we've accomplished what we wanted to do. Thanks everyone involved (mainly @siteshwar and @lbarcziova)!

I've created a new epic for the logical next step:

@lachmanfrantisek
Member Author

lachmanfrantisek commented Sep 5, 2024
