Integrate OpenScanHub with Packit
As a package developer, I would like to see the result of the OpenScanHub analysis for my package so I am able to fix the possible issues when a new change is introduced.
- [ ] Implement OpenScanHub integration in Packit core.
- [ ] Implement a new handler to trigger the new OpenScanHub job after the Copr build is done.
- [ ] Support differential check by sending the build from the base branch.
In the meantime, as a workaround, people can use csmock in Testing Farm as is being tried in https://github.com/packit/hello-world/pull/1530 (similar to the example rpminspect setup).
Since our capacity for Q3 is a bit limited, we -- as a Packit team -- decided to focus on other epics (see the board). For now, people can use csmock directly (as documented at https://packit.dev/docs/configuration/upstream/tests/#csmock).
But hopefully, people from OpenScanHub will help us with the implementation.
(The details are still yet to be decided.)
We didn't pick this as a top Packit team priority for the next quarter, but anyone can still help us make this happen. We are open to any collaboration and have successfully implemented/started multiple efforts thanks to people outside of the Packit team.
Here, we still have a workaround, and we can even improve this workaround by adding the plan to github.com/packit/tmt-plans (~ a shared library of various tmt plans) that is currently being created...
We've met with Situ and here are some updates:
- If not allowed by default, people might not start using this functionality. (Static analysis might not look like a cool thing..;) => We can start with doing this automatically as a next step after the Copr build. (Have a config flag for this.)
- We should use differential check but this requires target branch builds to be configured.
- MVP does not need to resolve reporting -- we can start with the OpenScanHub task URL in the check run page and leave it to the user. (Reporting the result might be done later.)
- If we give Situ pointers and guidance, he's willing to try the implementation. (Would be nice to let him implement the core functionality and the Packit team to do the service part.)
Two issues that would help with the implementation:
- [ ] https://github.com/openscanhub/fedora-infra/issues/3 (as mentioned, reporting can be done later)
- [ ] https://github.com/openscanhub/openscanhub/issues/248 (would avoid re-uploads of Copr SRPM, should be doable)
Small update:
- Situ made the implementation in core/CLI in https://github.com/packit/packit/pull/2301
- The next step is to do the service part as described above. (Run the check by default as a follow-up to all successful Copr builds where we have a base build available.)
- We've created packit/research#213 to agree on the implementation details.
Current TODO:
- [ ] #2454
- [ ] #2463
- [ ] packit/packit.dev#899
I am going to mark this epic as finished since we've accomplished what we wanted to do. Thanks to everyone involved (mainly @siteshwar and @lbarcziova)!
I've created a new epic for the logical next step:
- [ ] https://github.com/packit/packit-service/issues/2516
Related:
- [ ] https://github.com/packit/packit/issues/2391
- partially solved by https://github.com/packit/packit/pull/2402