alitheg commented on code in PR #442:
URL:
https://github.com/apache/tooling-trusted-releases/pull/442#discussion_r2645365879
##########
atr/get/sbom.py:
##########
@@ -56,16 +59,55 @@ async def report(session: web.Committer, project: str,
version: str, file_path:
release = await session.release(project, version,
phase=sql.ReleasePhase.RELEASE_CANDIDATE, with_committee=True)
is_release_candidate = release.phase == sql.ReleasePhase.RELEASE_CANDIDATE
+ task, augment_tasks, osv_tasks = await _fetch_tasks(validated_path_str,
project, release, version)
+
+ task_status = await _report_task_results(block, task)
+ if task_status:
+ return task_status
+
+ if task is None or (not isinstance(task.result, results.SBOMToolScore)):
+ raise base.ASFQuartException("Invalid SBOM score result",
errorcode=500)
+
+ task_result = task.result
+ _report_header(block, is_release_candidate, release, task_result)
+
+ if not is_release_candidate:
+ latest_augment = None
+ last_augmented_bom = None
+ if len(augment_tasks) > 0:
+ latest_augment = augment_tasks[0]
+ augment_results: list[Any] = [t.result for t in augment_tasks]
+ augmented_bom_versions = [
+ r.bom_version for r in augment_results if (r is not None) and
(r.bom_version is not None)
+ ]
+ if len(augmented_bom_versions) > 0:
+ last_augmented_bom = max(augmented_bom_versions)
+ _augment_section(block, release, task_result, latest_augment,
last_augmented_bom)
+
+ _conformance_section(block, task_result)
+ _license_section(block, task_result)
+
+ _vulnerability_scan_section(block, project, version, file_path,
task_result, osv_tasks, is_release_candidate)
+
+ _outdated_tool_section(block, task_result)
+
+ _cyclonedx_cli_errors(block, task_result)
+
+ return await template.blank("SBOM report", content=block.collect())
+
+
+async def _fetch_tasks(
+ file_path: str, project: str, release: sql.Release, version: str
+) -> tuple[sql.Task | None, collections.abc.Sequence[sql.Task],
collections.abc.Sequence[sql.Task]]:
async with db.session() as data:
via = sql.validate_instrumented_attribute
- # TODO: Abstract this code and the sbomtool.MissingAdapter validators
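Review bot: The raw `file_path` route argument is what reaches the `_vulnerability_scan_section` call, while `_fetch_tasks` is given `validated_path_str`; if that section renders the path or builds a link from it, pass `validated_path_str` there too so the validated form is the only one that leaves the route (the validation itself, and the start of `report`, are before this hunk). The augment results are typed `list[Any]` and then read `r.bom_version` with only a `None` check, unlike the main task whose result is `isinstance`-checked against `results.SBOMToolScore`; a task whose result is some other type would raise `AttributeError` and surface as an unhandled 500, so either filter with `isinstance` against the augment result type or use `getattr(r, "bom_version", None)` in that comprehension. `augment_tasks[0]` is taken as the latest augment, which relies on an ordering that `_fetch_tasks` establishes outside this hunk — worth a comment at the call site, e.g. `# _fetch_tasks returns augment tasks newest first`, if that is the contract. `_fetch_tasks` continues past the end of the hunk.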
Review Comment:
Maybe the validators — I assumed part of the TODO was pulling them out of
the main route method. I'll re-add it.