refactor(vcs): VCS configuration to support common and custom attributes #9271
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #9271 +/- ##
============================================
- Coverage 67.67% 63.95% -3.72%
- Complexity 1223 1245 +22
============================================
Files 244 254 +10
Lines 8626 9298 +672
Branches 911 1035 +124
============================================
+ Hits 5838 5947 +109
- Misses 2413 2938 +525
- Partials 375 413 +38
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
5 times, most recently
from
60b8d10
to
ae31656
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
5 times, most recently
from
1cf9421
to
ce5d30c
Compare
|
I believe the options for configuring submodule recursion could be injected via package curations. Have you considered this? |
|
@fviernau Hello, can you explain a little bit more please? |
I believe it makes sense to have the ability to configure this separate per dependency.
|
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
2 times, most recently
from
d9ef04f
to
caa86ed
Compare
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
from
caa86ed
to
8217cc4
Compare
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
from
8217cc4
to
a7c9533
Compare
To add to this, I believe in order to implement the above it would be necessary to pass We could right away unify this instead of introducing two ways to tell the behavior. In particular, |
|
@fviernau I think I understand your concerns. However, my key issue is that there are very large repositories that act as kind of umbrella around other repositories, having already more than 50 git submodules in the first layer. These submodules then also have submodules and so on. One can't even be sure that there are no cycles in this nested submodules. ORT currently cannot even download these repositories, we tried it out and stopped it after several hours. |
My concerns were not about the what but about the how. So, I generally agree that it makes sense that ORT provides a way to configure this. It also wasn't meant as a strict concern, but I wanted to make sure this is considered before committing to some solution. Maybe @sschuberth @mnonnenmacher any thoughts? Another related thing: A while ago we've invented "scan by repository", which changed the scanner to no more clone recursively IIRC. The only place where recursive cloning is happening is in the provenance resolution stage IIRC. There had been an idea of mine, I believe I brought this up already longer time ago, to rewrite that provenance resolved so that it works without cloning recursively. The resolved would itself in Kotlin the recurse, but not use the VCSes recursion capabilities. If we would go that road, then configuring the recursion depth would be a configuration of that resolved, not of the VCS plugin. This is another indication (to me) that configuring this at the VCS plugin level may not be the right place. @wkl3nk can you confirm that the issue happens during provenance resolution? All in all, I more and more think this should be considered configuration of ORT, not of VCS plugin. |
|
@fviernau wrote
Would "provenance resolution" mean that the Analyzer has scanned for dependency management files? If yes, then the answer is: No - The inflexibility lies in the downloader, it is the default to do a "git submodule --init --recursive" to all submodules. So the Analyzer never ever kicks in, because it just is not possible in a reasonable time and space to download all these > 50 nested submodules and their respective submodules and so on. That's the reason for going in the direction to be able to configure the ORT Downloader in |
|
Hello @sschuberth , the UI tells me 1 change requested from your side, but unfortunately I cannot find it. Maybe it was overwritten somehow when I did a force push? Could you please support me in locating this change request. |
There was a problem hiding this comment.
I believe this PR needs some refactoring to be in line with the plugin factory concept of other plugins, and to not interfere with the new plugin API created by @mnonnenmacher.
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
from
fb56259
to
41c051f
Compare
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
from
41c051f
to
0509c0a
Compare
plugins/version-control-systems/git/src/main/kotlin/VersionControlSystemFactory.kt
Fixed
Show fixed
Hide fixed
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
from
0509c0a
to
5221536
Compare
plugins/version-control-systems/subversion/src/main/kotlin/Subversion.kt
Fixed
Show fixed
Hide fixed
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
4 times, most recently
from
c66ccf6
to
307fa1a
Compare
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
from
307fa1a
to
04c00b5
Compare
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
from
04c00b5
to
f8e6bb6
Compare
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
2 times, most recently
from
df4a6fa
to
baca8ab
Compare
While VCS implementations are already plugins, they are not yet configurable. VCS implementations require common configurations (e.g., `revision`, `recursive`) and should support also VCS-specific configurations if they are consumed via their API. This allows to add functionality to individual VCS implementations without the need to implement them for all of them. Fixes oss-review-toolkit#8556. Signed-off-by: Wolfgang Klenk <[email protected]>
For large repositories with many layers of nested Git submodules, the download process can be very time-consuming and often results in duplicate projects in the tree of nested submodules. This feature introduces configuration options to limit the recursive checkout of nested Git submodules to the first layer, optimizing performance and reducing redundancy. Additionally, it also allows to limit the depth of commit history to fetch when downloading the projects. Signed-off-by: Wolfgang Klenk <[email protected]>
wkl3nk
force-pushed
the
wkl3nk/make-vcs-plugins-configurable
branch
from
baca8ab
to
6c28dc0
Compare
|
Now using the new Plugin concept that is based on |
Before I start review, I'd like @mnonnenmacher to comment whether this "intermediate step" is meaningful to do (now that it's already there...) instead of straight migrating all VCS to the KSP-based plugin mechanism in the context of #9403. |
It would have made sense to use the KSP plugin API right away, however, now that it is implemented, the effort to do it in this PR or another one would be the same, so both would be fine with me. @wkl3nk However, I have a conceptual question: In a usual ORT pipeline the downloader is used in two places:
The new options you introduce are to my understanding only relevant for the first step to limit the downloaded sources of the project itself. But they should not be applied within the scanner, because you cannot know beforehand if the dependencies use any submodules and if they need to be scanned or not. |
@mnonnenmacher The functionality can out of the box now be used for the Downloader stage, meaning in the typical workflow where the ORT CLI is first used to download the repository. It supports adding VCS specific configurations for e.g. Git. For instance, you can configure in .ort/config/config.yml if only the first layer of submodules shall be downloaded, in case you need to deal with repositories with many many nested submodule layers. Once the repository is downloaded, it can be analyzed and scanned with other options of the ORT CLI. In ORT Server, where we don't have this Downloader stage, and instead the Downloader is instantiated and used in the code, just before the Analyzer, this change also allows to configure the VCSs in a flexible way. How this is done would be a question within the context of the ORT Server, so this PR is more or less only the groundwork to make it possible to configure VCSs. |
While VCS implementations are already plugins, they are not yet configurable. VCS implementations require common configurations (e.g.,
revision,recursive) and should support also VCS-specific configurations if they are consumed via their API.This allows to add functionality to individual VCS implementations without the need to implement them for all of them.
This refactoring keeps the common configuration attributes as they are, while VCS-specific configurations are stored generically in an
optionsattribute.The change also adds VCS-specific configuration options for Git: The strategy for checking out repositories with submodules now allows to only check out the first layer of submodules.
Example configuration in
config.yml:The change is split up into 2 commits:
For more details, please have a look at the respective commits.
Fixes #8556.