bootc icon indicating copy to clipboard operation
bootc copied to clipboard
verified publisher icon containers

WIP: Build lint

Open prestist opened this issue 2 years ago • 10 comments

We know this does not fix #216 yet, we are working this in time-slots as a part of mobbing to address this. In the next update we plan on having the logic to check for one kernel complete. Then we can debate if we want the lint to be in this code base, or if we want it to be moved somewhere else.

prestist avatar Mar 07 '24 15:03 prestist

Skipping CI for Draft Pull Request. If you want CI signal for your change, please convert it to an actual PR. You can still manually trigger a test run with /test all

openshift-ci[bot] avatar Mar 07 '24 15:03 openshift-ci[bot]

Also it'd be great to have a test for this, which could be done in a variety of ways there's currently 3 distinct frameworks in use here (GHA, tmt, Prow+kola), which I'd like to take down to just the first two probably, except Prow is the most container-native which is what this test would be oriented towards. But basically building a derived image with two kernels and running the lint in it would make sense.

Another longer term thing to consider here is things like machine-readable output for lints; they're like compiler errors, with the same long term need for tooling that can do more to render than just scrape stdout.

cgwalters avatar Mar 11 '24 15:03 cgwalters

Also it'd be great to have a test for this, which could be done in a variety of ways there's currently 3 distinct frameworks in use here (GHA, tmt, Prow+kola), which I'd like to take down to just the first two probably, except Prow is the most container-native which is what this test would be oriented towards. But basically building a derived image with two kernels and running the lint in it would make sense.

Thank you for that idea, we had not even gotten to the testing stage yet, I think this makes sense and we will look into doing this in our next mob session!

Another longer term thing to consider here is things like machine-readable output for lints; they're like compiler errors, with the same long term need for tooling that can do more to render than just scrape stdout.

Ah so similar to how the context.paths work in butane/ignition?

prestist avatar Mar 14 '24 18:03 prestist

Ah so similar to how the context.paths work in butane/ignition?

I'm not sure, can you give an example? Or do you mean just how Ignition is inherently JSON?

My thought was like https://doc.rust-lang.org/rustc/json.html (could obviously be much, much simpler than that of course).

cgwalters avatar Mar 19 '24 17:03 cgwalters

See https://github.com/containers/bootc/issues/410 for another good lint.

cgwalters avatar Mar 21 '24 13:03 cgwalters

https://github.com/containers/bootc/issues/439 is perhaps another thing we could try to lint against. (That said I'm increasingly thinking we should just make everything else be usr_t.)

cgwalters avatar Mar 26 '24 19:03 cgwalters

One thing that came up related to https://github.com/containers/bootc/issues/128 is we found out that people are trying to do RUN podman pull <image> - this is another thing that we could at least detect at build time.

cgwalters avatar Apr 08 '24 19:04 cgwalters

What about the land the initial kernel lint and then add the other lints on other PRs?

jmarrero avatar May 03 '24 02:05 jmarrero

@jmarrero, I think that makes sense. I dont want to see this outstanding for much longer. That way we add value, and can add more as time allows. I need to rebase this thing before I add the doc's that colin wanted me to create though. After that the pr should be healthy.

prestist avatar May 07 '24 18:05 prestist

Agree with @jmarrero , make the original PR ready and let CI runs, can check if there is anything regression with the change.

HuijingHei avatar May 13 '24 09:05 HuijingHei

@cgwalters how do you feel about this atm?

If you wanted to have the container subcommand I have an alternative here:

https://github.com/jmarrero/bootc/commit/a0de33de8d84d74c8ec617eadc5323e6d18846cb

that runs via:

bootc container --lint instead of bootc build-lint

Is there one you think is better still, another option you prefer?

jmarrero avatar May 23 '24 13:05 jmarrero

I went ahead and did some further updates here:

  • Squashed the commits
  • Moved the linting code into its own module
  • Added targeted unit tests in that module
  • Changed our own container build to use it just to dogfood
  • Adjusted the documentation comments and ran cargo xtask man2markdown to generate manpages

WDYT?

cgwalters avatar May 30 '24 22:05 cgwalters

I went ahead and did some further updates here:

* Squashed the commits

* Moved the linting code into its own module

* Added targeted unit tests in that module

* Changed our own container build to use it just to dogfood

* Adjusted the documentation comments and ran `cargo xtask man2markdown` to generate manpages

WDYT?

Im good to merge; Thank you for the assist! and all the help up to this point! LGTM.

prestist avatar Jun 03 '24 19:06 prestist