feat: use `SortedSet` in model to improve reproducibility #235

RodneyRichardson · 2022-05-27T13:48:54Z

Added __lt__() to all model classes used in SortedSet, with tests
Explicitly declared Enums as (str, Enum) to allow sorting
Added dependency to sortedcollections package
Added ComparableTuple to make sorting compound objects easier

Signed-off-by: Rodney Richardson rodney.richardson@cambridgeconsultants.com

Added `__lt__()` to all model classes used in SortedSet, with tests Explicitly declared Enums as (str, Enum) to allow sorting Added dependency to sortedcollections package Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com>

tests/test_model_component.py

cyclonedx/model/__init__.py

tests/test_model.py

cyclonedx/model/__init__.py

tests/test_model.py

tests/test_model_bom_ref.py

tests/test_model_component.py

typings/sortedcontainers.pyi

Remove unused imports and trailing whitespace. Sort usings in pyi file. Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com>

RodneyRichardson · 2022-05-27T16:14:24Z

@RodneyRichardson besides those lift findings, please fix the findings of mypy and other tools.

see https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CONTRIBUTING.md

see https://github.com/CycloneDX/cyclonedx-python-lib/runs/6626778353?check_suite_focus=true

see https://github.com/CycloneDX/cyclonedx-python-lib/runs/6626778287?check_suite_focus=true

see https://github.com/CycloneDX/cyclonedx-python-lib/runs/6626778036?check_suite_focus=true

I've fixed all those, I think. I have an outstanding mypy error I don't know how to resolve:
https://github.com/CycloneDX/cyclonedx-python-lib/runs/6628435343?check_suite_focus=true

cyclonedx/model/__init__.py:62: error: Missing type parameters for generic type
"tuple"  [type-arg]
    class ComparableTuple(tuple):

I've tried replacing tuple with tuple[T,...], but I get a false positive about unreachable code. Any thoughts?

I'll try to look at the other lift issues - some are real, some are cosmetic (e.g. parameter names on overrides)

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com>

typings/sortedcontainers.pyi

RodneyRichardson · 2022-05-27T16:38:45Z

@jkowalleck Ah - it also seems to be failing on python 3.8 and earlier! Any thgouhts?

File "/home/runner/work/cyclonedx-python-lib/cyclonedx-python-lib/cyclonedx/model/__init__.py", line 437, in <module>
    class ExternalReference:
  File "/home/runner/work/cyclonedx-python-lib/cyclonedx-python-lib/cyclonedx/model/__init__.py", line 499, in ExternalReference
    def hashes(self) -> SortedSet[HashType]:
TypeError: 'ABCMeta' object is not subscriptable

jkowalleck · 2022-05-27T17:24:26Z

@RodneyRichardson

re:

cyclonedx/model/init.py:62: error: Missing type parameters for generic type "tuple" [type-arg]
class ComparableTuple(tuple):

the typing.Tuple might help.

from typing import Tuple

class Foo(Tuple[TypeOfItem1, and so on ]): 
  ...

regarding SortedSet and typing i cannot help.
My take on the topic would have implemented __lt__() in each data model (like so), and used sorted() when it came to iterating in the normalizer/serializer (like so).

Change tuple -> Tuple Fix Diff initialization Add sorting to AttachedText Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com>

RodneyRichardson · 2022-05-30T09:39:21Z

My take on the topic would have implemented __lt__() in each data model (like so), and used sorted() when it came to iterating in the normalizer/serializer (like so).

That was my initial implementation, and it was OK for the XML serialization, but the JSON serialization doesn't explicitly iterate the collections when serializing so it didn't work. This approach is more consistent across serializers.

Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com>

RodneyRichardson · 2022-05-30T10:29:47Z

@jkowalleck I have resolved all issues, and and CI jobs are passing now. This is ready for review/merge.

FYI: To solve the type hint issues in python < 3.8, I needed to put SortedSet[T] in quotes.

jkowalleck · 2022-05-31T16:30:09Z

Thanks for the feature, @RodneyRichardson

will review the PR when i have time.
Also i want to see what @madpah has to say.

This means, that the PR will take it's time.

jkowalleck · 2022-06-02T22:24:13Z

bumped mypy and several other dependencies,
in the hope this might fix possible StaticCodeAnalysis false-positives.

could you rebase onto latest "main" branch, @RodneyRichardson ?

RodneyRichardson · 2022-06-06T15:15:25Z

could you rebase onto latest "main" branch, @RodneyRichardson ?

I have merged main into the PR/branch (just clicking the button in Github). Is this sufficient? Or do you need me to rebase the entire branch into a single commit? (I've not rebased on Github before).

jkowalleck · 2022-06-06T16:27:04Z

could you rebase onto latest "main" branch, @RodneyRichardson ?

I have merged main into the PR/branch (just clicking the button in Github). Is this sufficient? Or do you need me to rebase the entire branch into a single commit? (I've not rebased on Github before).

no, thats fine.
The PR will be squashed by us on approval eventually.

madpah · 2022-06-10T07:52:48Z

@RodneyRichardson - many thanks for your great contribution here. All looks good to me, so we'll get this merged imminently!

RodneyRichardson requested a review from a team as a code owner May 27, 2022 13:48