Validate Subcommand! #46
Conversation
k8s-ci-robot
added
kind/feature
k8s-ci-robot
added
approved
|
thanks for this feature |
| @@ -62,6 +62,7 @@ func init() { | |||
| rootCmd.AddCommand(generateCmd) | |||
| rootCmd.AddCommand(documentCmd) | |||
| rootCmd.AddCommand(versionCmd) | |||
| AddValidate(rootCmd) | |||
There was a problem hiding this comment.
I noticed that this deviates from the pattern of the other commands. Do you plan on refactoring the others to follow this new pattern?
There was a problem hiding this comment.
Yep, I tried to switch to the pattern @justaugustus recommended here: #27 (review)
I will refactor the rest of the CLI to match.
puerco
force-pushed
the
validate
branch
2 times, most recently
from
9f6c03c to
6e49272
Compare
|
Ready,foxed the nit and also pushed the new function test. Please take another look when you have time @cpanato |
| cmd.PersistentFlags().BoolVarP( | ||
| &valOpts.exitCode, | ||
| "exit-code", | ||
| "e", | ||
| false, | ||
| "when true, bom will exit with exit code 1 if invalid artifacts are found", | ||
| ) |
There was a problem hiding this comment.
I think this is maybe extraneous?
Is there a scenario where we'd want a validate command to "fail successfully"?
There was a problem hiding this comment.
Yes! The idea is that you can check the integrity of files you download and use the tool in a script:
bom validate -e sbom.spdx file.zip || echo "Your zipfile is corrupt"
The bom action will use it to verify bom itself:
Signed-off-by: Adolfo García Veytia <adolfo.garcia@uservers.net>
|
Fixed the merge conflicts 🚀 |
FOr the first time we have some validation support in the SBOM, this commit introduces the first initial rough method to check files in the SBOM against paths. Signed-off-by: Adolfo García Veytia <adolfo.garcia@uservers.net>
Signed-off-by: Adolfo García Veytia <adolfo.garcia@uservers.net>
This commit adds a new subcommand to bom `bom validate` This allows the tool to check a file's integrity against data contained in an SBOM. For now we only support files but more types will be implemented soon(tm). Signed-off-by: Adolfo García Veytia <adolfo.garcia@uservers.net>
Signed-off-by: Puerco <github@pog.eml.mx>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: puerco, saschagrunert The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR introduces to bom the capability to start validating things. For now, only files attached to the first level of the document are supported and we will be introducing more artifact types and other kinds of validation.
Which issue(s) this PR fixes:
None
Special notes for your reviewer:
Test fordocument.ValidateFiles()is coming in a followup shortlyTest is now included
/assign @cpanato
Does this PR introduce a user-facing change?