[ISV-5787] Remove child digests from externalRefs by mavaras · Pull Request #269 · konflux-ci/build-tasks-dockerfiles

mavaras · 2025-03-28T17:46:26Z

The build-time index SBOM creation script does not create index image SBOMs as per guidelines (the externalRefs should only contain purls with versions pointing to the index image, not the child digests).

Updates build-time index SBOM creation script
Udpates tests accordingly

mavaras · 2025-03-28T17:50:32Z

@jedinym please take a look. Thanks

BorekZnovustvoritel · 2025-03-31T09:43:58Z

@@ -56,30 +56,35 @@ def digest_hex_val(self) -> str:
        return val

    def purls(self, index_digest: Optional[str] = None) -> list[str]:


Nitpick: I think this argument should no longer be Optional with a default value.

Suggested change

def purls(self, index_digest: Optional[str] = None) -> list[str]:

def purls(self, index_digest: str) -> list[str]:

Good call on making it non-Optional. When I checkout the PR locally, my editor reports type errors which seem like potentially genuine bugs. Will comment inline

jedinym · 2025-03-31T11:19:40Z

@BorekZnovustvoritel What is the process on getting this into usage? Do we need to merge and wait for the image to be built, then change the digest in build-definitions?

BorekZnovustvoritel · 2025-03-31T11:56:47Z

@BorekZnovustvoritel What is the process on getting this into usage? Do we need to merge and wait for the image to be built, then change the digest in build-definitions?

Yes, I think so. Refer to this PR

BorekZnovustvoritel

LGTM, this should work fine.

chmeliik

@mavaras could you please update the commit message(s) to explain what is being done and why? I have no context for this

jedinym · 2025-04-02T12:26:13Z

+    def purls(self) -> list[str]:
+        qualifiers = {"repository_url": self.repository}
+        if self.arch is not None:
+            qualifiers["arch"] = self.arch
+
+        purl = PackageURL(
+            type="oci",
+            name=self.name,
+            version=self.digest,
+            qualifiers=qualifiers,
+        ).to_string()
+
+        return [purl]


This function always returns a single value, let's ditch the list.

jedinym

lgtm

chmeliik

Tests failed, PTAL. I think that we're currently using the arch-specific digests instead of the index image digests as intended

Btw, you can run tests with tox locally

mavaras · 2025-04-02T13:07:34Z

Tests failed, PTAL. I think that we're currently using the arch-specific digests instead of the index image digests as intended

Btw, you can run tests with tox locally

Tests updated. Passing locally

chmeliik · 2025-04-02T14:48:38Z

Tests updated. Passing locally

Ah, I think it was the script code that needed an update, not the tests. Now, the test data has different digests in the purl for the SPDXRef-image-index and in the child image purls, but the digests should be the same

- Updates build-time index SBOM creation script - Udpates tests accordingly

chmeliik · 2025-04-03T07:41:38Z

/ok-to-test

jedinym · 2025-04-03T07:44:58Z

LGTM

chmeliik · 2025-04-03T08:10:28Z

/retest

chmeliik · 2025-04-03T08:50:24Z

/ok-to-test

chmeliik · 2025-04-03T09:14:49Z

quay.io is not too stable these days, huh

/retest

jedinym · 2025-04-03T09:40:16Z

another 502
/retest

mavaras requested a review from a team as a code owner March 28, 2025 17:46

BorekZnovustvoritel reviewed Mar 31, 2025

View reviewed changes

mavaras force-pushed the ISV-5787 branch from 6acb723 to b3e78c9 Compare March 31, 2025 11:18

mavaras requested a review from BorekZnovustvoritel March 31, 2025 14:02

BorekZnovustvoritel approved these changes Mar 31, 2025

View reviewed changes

chmeliik reviewed Apr 1, 2025

View reviewed changes

Comment thread sbom-utility-scripts/scripts/index-image-sbom-script/index_image_sbom_script.py Outdated

Comment thread sbom-utility-scripts/scripts/index-image-sbom-script/index_image_sbom_script.py Outdated

mavaras force-pushed the ISV-5787 branch 3 times, most recently from 3189c1e to e2531b6 Compare April 1, 2025 07:35

mavaras requested a review from chmeliik April 1, 2025 13:16

mavaras force-pushed the ISV-5787 branch from 832d221 to e2531b6 Compare April 2, 2025 07:31

chmeliik reviewed Apr 2, 2025

View reviewed changes

Comment thread sbom-utility-scripts/scripts/index-image-sbom-script/index_image_sbom_script.py Outdated

Comment thread sbom-utility-scripts/scripts/index-image-sbom-script/index_image_sbom_script.py Outdated

mavaras force-pushed the ISV-5787 branch from e2531b6 to 1de6c1b Compare April 2, 2025 12:18

jedinym reviewed Apr 2, 2025

View reviewed changes

mavaras force-pushed the ISV-5787 branch from 1de6c1b to be51a5b Compare April 2, 2025 12:31

jedinym approved these changes Apr 2, 2025

View reviewed changes

chmeliik reviewed Apr 2, 2025

View reviewed changes

mavaras force-pushed the ISV-5787 branch from be51a5b to f84c507 Compare April 2, 2025 13:05

[ISV-5787] Remove child digests from externalRefs

2884148

- Updates build-time index SBOM creation script - Udpates tests accordingly

mavaras force-pushed the ISV-5787 branch from f84c507 to 2884148 Compare April 3, 2025 07:38

mavaras requested a review from chmeliik April 3, 2025 07:40

chmeliik approved these changes Apr 3, 2025

View reviewed changes

Merge branch 'main' into ISV-5787

aec450c

chmeliik merged commit 93661cf into konflux-ci:main Apr 3, 2025
3 checks passed

		@@ -56,30 +56,35 @@ def digest_hex_val(self) -> str:
		return val

		def purls(self, index_digest: Optional[str] = None) -> list[str]:

	def purls(self, index_digest: Optional[str] = None) -> list[str]:
	def purls(self, index_digest: str) -> list[str]:

Conversation

mavaras commented Mar 28, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

mavaras commented Mar 28, 2025

Uh oh!

BorekZnovustvoritel Mar 31, 2025

Choose a reason for hiding this comment

Uh oh!

mavaras Mar 31, 2025

Choose a reason for hiding this comment

Uh oh!

chmeliik Apr 2, 2025

Choose a reason for hiding this comment

Uh oh!

jedinym commented Mar 31, 2025

Uh oh!

BorekZnovustvoritel commented Mar 31, 2025

Uh oh!

BorekZnovustvoritel left a comment

Choose a reason for hiding this comment

Uh oh!

chmeliik left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

jedinym Apr 2, 2025

Choose a reason for hiding this comment

Uh oh!

mavaras Apr 2, 2025

Choose a reason for hiding this comment

Uh oh!

jedinym left a comment

Choose a reason for hiding this comment

Uh oh!

chmeliik left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

mavaras commented Apr 2, 2025

Uh oh!

chmeliik commented Apr 2, 2025

Uh oh!

chmeliik commented Apr 3, 2025

Uh oh!

jedinym commented Apr 3, 2025

Uh oh!

chmeliik commented Apr 3, 2025

Uh oh!

chmeliik commented Apr 3, 2025

Uh oh!

chmeliik commented Apr 3, 2025

Uh oh!

jedinym commented Apr 3, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

mavaras commented Mar 28, 2025 •

edited

Loading

chmeliik left a comment •

edited

Loading