Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: fall back to license from package if not present in versioned package #109

Merged
merged 8 commits into from
Feb 10, 2025
Merged

fix: fall back to license from package if not present in versioned package #109

merged 8 commits into from
Feb 10, 2025

Conversation

thomasschafer
Copy link
Contributor

@thomasschafer thomasschafer commented Feb 6, 2025
edited
Loading

As discussed here, ecosyste.ms only returns license info from the versioned endpoint if it is available from the package registry, which it often isn't. We want to fall back to using the package data to retrieve the license if it is not available in the versioned data, which this PR implements.

@thomasschafer thomasschafer requested review from garethr and a team as code owners February 6, 2025 14:57
@thomasschafer thomasschafer force-pushed the tschafer-fall-back-to-latest-license branch from f69719f to 5c6f6d5 Compare February 6, 2025 15:38
mcombuechen
mcombuechen reviewed Feb 6, 2025
View reviewed changes
@mcombuechen
Copy link
Collaborator

I think it would be great if we could document this behaviour, because it is not without risk. There might potentially be the occasional case where we fall back on the wrong license information, if the package data differs from that of a versioned package. Is there a good section in the readme where we could add this?

@thomasschafer thomasschafer force-pushed the tschafer-fall-back-to-latest-license branch from 0e408c8 to fa1caed Compare February 6, 2025 16:12
@thomasschafer thomasschafer force-pushed the tschafer-fall-back-to-latest-license branch 4 times, most recently from bec7d9e to 284c931 Compare February 6, 2025 16:37
@thomasschafer thomasschafer force-pushed the tschafer-fall-back-to-latest-license branch from 284c931 to b88f63d Compare February 6, 2025 16:38
@thomasschafer
Copy link
Contributor Author

I think it would be great if we could document this behaviour, because it is not without risk. There might potentially be the occasional case where we fall back on the wrong license information, if the package data differs from that of a versioned package. Is there a good section in the readme where we could add this?

Just updated the readme with this info

@thomasschafer thomasschafer force-pushed the tschafer-fall-back-to-latest-license branch 3 times, most recently from 2239675 to 9b49285 Compare February 7, 2025 13:20
@thomasschafer thomasschafer force-pushed the tschafer-fall-back-to-latest-license branch from 9b49285 to 85eb8ad Compare February 7, 2025 13:27
mcombuechen
mcombuechen reviewed Feb 7, 2025
View reviewed changes
lib/ecosystems/enrich_spdx_test.go Outdated
Comment on lines 36 to 45
func parseJson(jsonStr string) map[string]any {
var result map[string]any

err := json.Unmarshal([]byte(jsonStr), &result)
if err != nil {
panic(fmt.Errorf("failed to parse JSON: %w", err))
}

return result
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally—as a test helper—this wouldn't panic. Instead it should require the unmarshal to pass:

Suggested change
func parseJson(jsonStr string) map[string]any {
var result map[string]any
err := json.Unmarshal([]byte(jsonStr), &result)
if err != nil {
panic(fmt.Errorf("failed to parse JSON: %w", err))
}
return result
}
func parseJson(t *testing.T, jsonStr string) map[string]any {
t.Helper()
var result map[string]any
require.NoError(t, json.Unmarshal([]byte(jsonStr), &result))
return result
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense, done!

lib/ecosystems/enrich_spdx_test.go Outdated
return result
}

func setupHttpmock(packageVersionsResponse, packageResponse *string) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
func setupHttpmock(packageVersionsResponse, packageResponse *string) {
func setupHttpmock(t *testing.T, packageVersionsResponse, packageResponse *string) {
t.Helper()

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done!

@thomasschafer thomasschafer force-pushed the tschafer-fall-back-to-latest-license branch from eca7b53 to a0e16d0 Compare February 7, 2025 15:14
@thomasschafer thomasschafer merged commit 9e99951 into main Feb 10, 2025
8 checks passed
@thomasschafer thomasschafer deleted the tschafer-fall-back-to-latest-license branch February 10, 2025 10:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcombuechen mcombuechen mcombuechen approved these changes

@garethr garethr Awaiting requested review from garethr garethr is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thomasschafer @mcombuechen