Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update sign.py to only sign specific file types #303

Merged
merged 1 commit into from
Aug 25, 2021
Merged

Update sign.py to only sign specific file types #303

merged 1 commit into from
Aug 25, 2021

Conversation

mch2
Copy link
Member

@mch2 mch2 commented Aug 23, 2021

Signed-off-by: Marc Handalian handalm@amazon.com

Description

Restrict signer to sign only the following file types - ['.zip', '.jar', '.war', '.pom', '.module', 'tar.gz']

Issues Resolved

closes #302

Check List

  • [ x] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@dblock
Copy link
Member

dblock commented Aug 23, 2021

Perfect opportunity for a unit test ;)

peternied
peternied approved these changes Aug 24, 2021
View reviewed changes
bundle-workflow/python/sign.py Outdated
artifact_list = component.artifacts[artifact_type]

artifact_list = [a for a in component.artifacts[artifact_type] if pathlib.Path(a).suffix in ACCEPTED_FILE_TYPES]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be useful for debugging to know what was excluded with a log message

@mch2 mch2 force-pushed the sign-filetype branch 5 times, most recently from 1cb8efb to c33b3df Compare August 25, 2021 02:42
@mch2 mch2 requested review from dblock and peternied August 25, 2021 02:44
@mch2
Update sign.py to only sign specific file types
acabf41 
Signed-off-by: Marc Handalian <handalm@amazon.com>
mch2
mch2 commented Aug 25, 2021
View reviewed changes
bundle-workflow/tests/signing_workflow/__init__.py
import sys

sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../.."))
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../src"))
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

idk if there is a more elegant way to define this, but without /src it could not find the signer's import of git_repository.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I couldn't find a better way to do it.

You should have just one though, and in tests import from src.git.git_repository import GitRepository, note the src.. As written you may have a conflict in class names between tests and src.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I tried this but still get a module not found error with pytest.

bundle-workflow/src/signing_workflow/signer.py:10: in <module>
    from git.git_repository import GitRepository
E   ModuleNotFoundError: No module named 'git'

The signer.py src file has a dependency on GitRepository, and when running tests it can't find git.git_repository on the path unless I explicitly add the extra

sys.path.insert(0, os.path.join(os.path.dirname(__file__), "../../src"))

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

going to merge as is, will see if I can sort this out.

dblock
dblock reviewed Aug 25, 2021
View reviewed changes
bundle-workflow/tests/signing_workflow/test_sign.py

class TestSigner(unittest.TestCase):

@patch('src.signing_workflow.signer.GitRepository')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh I like this!

dblock
dblock approved these changes Aug 25, 2021
View reviewed changes
Copy link
Member

@dblock dblock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you should fix the double insert of paths in __init__.py, otherwise LGTM.

@mch2 mch2 merged commit dc61d8f into opensearch-project:main Aug 25, 2021
@mch2 mch2 deleted the sign-filetype branch August 25, 2021 19:22
alborotogarcia pushed a commit to alborotogarcia/opensearch-build that referenced this pull request Sep 7, 2021
@mch2
Update sign.py to only sign specific file types (opensearch-project#303)
f0ede48 
Signed-off-by: Marc Handalian <handalm@amazon.com>
@jmazanec15 jmazanec15 mentioned this pull request Mar 24, 2022
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peternied peternied peternied approved these changes

@dblock dblock dblock approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Restrict sign workflow to only signing specific file types.
3 participants
@mch2 @dblock @peternied