minder icon indicating copy to clipboard operation
minder copied to clipboard
verified publisher icon stacklok

Improvements around how we ingest/evaluate artifacts

Open rdimitrov opened this issue 2 years ago • 2 comments

This issue is a placeholder for a few items we discussed around improving the way we handle artifacts.

Details:

  1. We probably want smarter ways to filter container tags. e.g. via semver-matching, explicit regex, or exact match. This way we would be able to show more relevant info about the containers folks actually care about. Note that currently we support exact matching and regex.

  2. We need to pass something else than allow/deny in the rego engine so we can get more context on what tag failed. For example, for artifact versions we pass a list of properties to rego to check against the same list one can set in their profile. It would be handy to also get information around which property actually failed the evaluation.

  3. We need to have more general ways of filtering out the artifacts we want to evaluate on. Say.,.. I wanna evaluate everything except for some specific artifacts. This might also be applicable for tags. have an exclude list for specific tags

cc: @jhrozek @JAORMX

rdimitrov avatar Feb 01 '24 10:02 rdimitrov

Rado thinks we'll find this when we go to improve this area of the code further.

evankanderson avatar Oct 08 '24 13:10 evankanderson

Some portion of 1-3 may have been addressed by the following:

  • Entity properties
  • Profile selectors
  • The constraints rego validator.

evankanderson avatar Jan 28 '25 14:01 evankanderson