Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat: snyk fix v1 (Python) in behind FF #1707

Merged
merged 9 commits into from
Mar 30, 2021
Merged

Feat: snyk fix v1 (Python) in behind FF #1707

merged 9 commits into from
Mar 30, 2021

Conversation

lili2311
Copy link
Contributor

@lili2311 lili2311 commented Mar 10, 2021
edited
Loading

  • Ready for review
  • Follows CONTRIBUTING rules
  • Reviewed by Snyk internal team

What does this PR do?

Introduce snyk fix command behind FF as beta version. Supports only fixing requirements.txt projects that do not include a -r or -c directive.

The command first runs a snyk test command and then uses the results to automatically apply remediation, similar to wizard but in an automated fashion.

Note

  • no help text for this command as it is behind a flag & will be in beta for a while.
  • partial conversion to TestResult & ScanResult to only grab what is needed for now, this will evolve if needed but ideally we migrate away to new EcoSystem flow where this data will be available without a conversion.

Where should the reviewer start?

src/cli/commands/fix/index.ts

How should this be manually tested?

snyk fix --all-projects --org=org-with-FF-enabled

Any background context you want to provide?

Relies on #1716

Screenshots

snykFixGif1
snykFixGif2
CleanShot 2021-03-16 at 15 08 44@2x

@lili2311 lili2311 added 🚧 WIP Work In Progress 🐂 Team Bull labels Mar 10, 2021
@lili2311 lili2311 self-assigned this Mar 10, 2021
@lili2311 lili2311 force-pushed the feat/snyk-fix branch 15 times, most recently from e9da8ba to fa8b7ff Compare March 12, 2021 17:50
@lili2311 lili2311 changed the title Feat/snyk fix Feat: snyk fix v1 (Python) in behind FF Mar 12, 2021
@github-actions
Copy link
Contributor

github-actions bot commented Mar 15, 2021
edited
Loading

Warnings
⚠️

Looks like you added a new Tap test. Consider making it a Jest test instead. See files like test/*.spec.ts for examples. Files found:

  • test/fixtures/snyk-fix/test-result-pip-with-remediation.json
  • test/smoke/spec/snyk_fix_spec.sh
Messages
📖 You are modifying something in test/smoke directory, yet you are not on the branch starting with smoke/. You can prefix your branch with smoke/ and Smoke tests will trigger for this PR.

Generated by 🚫 dangerJS against 3d872fb

@lili2311 lili2311 force-pushed the feat/snyk-fix branch 8 times, most recently from 2b50f98 to d7baaf0 Compare March 16, 2021 14:15
@lili2311 lili2311 marked this pull request as ready for review March 16, 2021 15:18
@JackuB JackuB mentioned this pull request Mar 26, 2021
Merged
@lili2311 lili2311 closed this Mar 29, 2021
@lili2311 lili2311 reopened this Mar 29, 2021
JackuB
JackuB approved these changes Mar 29, 2021
View reviewed changes
Copy link
Contributor

@JackuB JackuB left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Extensively discussed this within Hammer and we are happy to approve this 👍

@lili2311 lili2311 mentioned this pull request Mar 29, 2021
Merged
1 task
@lili2311
chore: lerna release with exact version
77e6665 
This will ensure that cross-package dependencies will be all using the same version
@lili2311 lili2311 removed the request for review from a team March 29, 2021 14:55
MegaBean
MegaBean reviewed Mar 29, 2021
View reviewed changes
src/cli/commands/fix/validate-fix-command-is-supported.ts
}

const ecosystem = getEcosystemForTest(options);
if (ecosystem) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Am I missing something here? We will always throw FeatureNotSupportedByEcosystemError unless the ecosystem is null in which case we do support it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thats correct, snyk fix v1 doesn't support any ecosystems only old style test for now. So only if this something with a packageManager via old test flow

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. So a null ecosystem means that we are using the old test flow? Maybe a comment would help to make this clearer?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thats the same as in snyk test flow, add the comment to both? https://github.com/snyk/snyk/blob/e0e1b30a10c80e55b18eb985f1e185a6a23503c2/src/cli/commands/test/index.ts#L70

gitphill
gitphill reviewed Mar 30, 2021
View reviewed changes
src/cli/modes.ts Outdated Show resolved Hide resolved
@lili2311 lili2311 force-pushed the feat/snyk-fix branch 3 times, most recently from de5aacd to 3296586 Compare March 30, 2021 13:50
@github-actions
Copy link
Contributor

github-actions bot commented Mar 30, 2021
edited by lili2311
Loading

Expected release notes (by @lili2311)

features:
add @snyk/fix as a dep (c68c7da)
improve snyk fix spinner output (23bd100)
skip failed snyk test paths when fixing (4ef96f5)
output the fixSummary provided by @snyk/fix (34df01d)
introduce snyk fix CLI command (626ff6d)

others (will not be included in Semantic-Release notes):
assert exact errors for unsupported (3d872fb)
lerna release with exact version (77e6665)
smoke test for snyk fix (ca508ac)
call legacy snyk test in a function call (cbeeeaf)

  • I hereby acknowledge these release notes are 🥙 AWESOME 🥙

@lili2311 lili2311 merged commit 1449c57 into master Mar 30, 2021
@lili2311 lili2311 deleted the feat/snyk-fix branch March 30, 2021 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MegaBean MegaBean MegaBean left review comments

@JackuB JackuB JackuB approved these changes

@gitphill gitphill gitphill approved these changes

Assignees

@lili2311 lili2311

Labels
🐂 Team Bull
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lili2311 @JackuB @gitphill @MegaBean