codeant-ai-for-open-source[bot] commented on code in PR #38651:
URL: https://github.com/apache/superset/pull/38651#discussion_r2935378999
##########
superset-extensions-cli/src/superset_extensions_cli/cli.py:
##########
@@ -372,9 +374,99 @@ def validate() -> None:
click.secho(" Convention requires: frontend/src/index.tsx",
fg="yellow")
sys.exit(1)
+ # Validate version consistency across extension.json, frontend, and backend
+ version_mismatches: list[str] = []
+ frontend_pkg_path = cwd / "frontend" / "package.json"
+ if frontend_pkg_path.is_file():
+ frontend_pkg = read_json(frontend_pkg_path)
+ if frontend_pkg and frontend_pkg.get("version") != extension.version:
+ version_mismatches.append(
+ f" frontend/package.json: {frontend_pkg.get('version')} "
+ f"(expected {extension.version})"
+ )
+
+ backend_pyproject_path = cwd / "backend" / "pyproject.toml"
+ if backend_pyproject_path.is_file():
+ backend_pyproject = read_toml(backend_pyproject_path)
+ if backend_pyproject:
+ backend_version = backend_pyproject.get("project",
{}).get("version")
+ if backend_version != extension.version:
+ version_mismatches.append(
+ f" backend/pyproject.toml: {backend_version} "
+ f"(expected {extension.version})"
+ )
+
+ if version_mismatches:
+ click.secho("❌ Version mismatch detected:", err=True, fg="red")
+ for mismatch in version_mismatches:
+ click.secho(mismatch, err=True, fg="red")
+ click.secho(
+ "Run `superset-extensions update` to sync versions from
extension.json.",
+ fg="yellow",
+ )
+ sys.exit(1)
+
click.secho("✅ Validation successful", fg="green")
[email protected]()
[email protected](
+ "--version",
+ "version_opt",
+ default=None,
+ help="Set a new version (updates extension.json first, then syncs).",
+)
+def update(version_opt: str | None) -> None:
+ """Update derived and generated files in the extension project."""
+ cwd = Path.cwd()
+
+ extension_json_path = cwd / "extension.json"
+ extension_data = read_json(extension_json_path)
+ if not extension_data:
+ click.secho("❌ extension.json not found.", err=True, fg="red")
+ sys.exit(1)
+
+ try:
+ extension = ExtensionConfig.model_validate(extension_data)
+ except Exception as e:
+ click.secho(f"❌ Invalid extension.json: {e}", err=True, fg="red")
+ sys.exit(1)
+
+ updated: list[str] = []
+
+ if version_opt and version_opt != extension.version:
+ extension_data["version"] = version_opt
+ write_json(extension_json_path, extension_data)
+ updated.append("extension.json")
+ target_version = version_opt
+ else:
+ target_version = extension.version
+
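Review bot: In the `validate` additions, a `frontend/package.json` or `backend/pyproject.toml` that exists but for which `read_json` / `read_toml` returns a falsy value is skipped without any message, because the comparisons sit behind `if frontend_pkg and ...` and `if backend_pyproject:`. The command can then reach "✅ Validation successful" without having compared that file's version at all. Consider appending an entry to `version_mismatches` in that case (for example, that the file exists but could not be read) so the check fails closed. Separately, the hint "Run `superset-extensions update` ..." is the only `click.secho` in the mismatch block without `err=True`, so it goes to stdout while the errors it explains go to stderr.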
Review Comment:
**Suggestion:** The `--version` value is written to `extension.json` without
validating it against the extension schema, so an invalid version string can be
persisted and later commands will fail when parsing the file. Validate the
mutated config before writing and exit cleanly on schema errors. [logic error]
<details>
<summary><b>Severity Level:</b> Critical 🚨</summary>
```mdx
- ❌ `update --version` can persist invalid extension.json.
- ❌ Later `validate` and `build` fail immediately.
- ⚠️ CI checks fail after bad local update.
```
</details>
```suggestion
    if version_opt and version_opt != extension.version:
        extension_data["version"] = version_opt
        try:
            ExtensionConfig.model_validate(extension_data)
        except Exception as e:
            click.secho(
                f"❌ Invalid version '{version_opt}': {e}", err=True, fg="red"
            )
            sys.exit(1)
        write_json(extension_json_path, extension_data)
        updated.append("extension.json")
        target_version = version_opt
    else:
        target_version = extension.version
```
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. Run CLI update with invalid semantic version via `update --version`, the same entry point exercised in `superset-extensions-cli/tests/test_cli_update.py:90` (`cli_runner.invoke(app, ["update", "--version", ...])`).
2. In `superset-extensions-cli/src/superset_extensions_cli/cli.py:437-444`, the code assigns `extension_data["version"] = version_opt` and immediately persists it with `write_json(...)` at line 439 without re-validating the mutated object.
3. `write_json` in `superset-extensions-cli/src/superset_extensions_cli/utils.py:114-116` writes invalid data to disk, and command still exits successfully.
4. Run `validate` or `build`; both parse `extension.json` using `ExtensionConfig.model_validate(...)` (`cli.py:312` and `cli.py:430`), and schema rejects bad version because `ExtensionConfig.version` enforces `VERSION_PATTERN` (`superset-core/src/superset_core/extensions/types.py:59-63`, constants `^\d+\.\d+\.\d+$`).
```
</details>
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** superset-extensions-cli/src/superset_extensions_cli/cli.py
**Line:** 437:444
**Comment:**
*Logic Error: The `--version` value is written to `extension.json`
without validating it against the extension schema, so an invalid version
string can be persisted and later commands will fail when parsing the file.
Validate the mutated config before writing and exit cleanly on schema errors.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
```
</details>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
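
The validate-before-persist pattern discussed in the review comment, as an added stand-alone example; it is not code from the PR or from Superset. `set_version` and `is_valid_version` are hypothetical helpers, and the plain `re` check stands in for `ExtensionConfig.model_validate`, using the `N.N.N` pattern quoted in the comment.

```python
import json
import os
import re
import tempfile
from pathlib import Path

# Same shape as the pattern quoted in the review comment (^\d+\.\d+\.\d+$).
VERSION_PATTERN = re.compile(r"\d+\.\d+\.\d+")


def is_valid_version(value: str) -> bool:
    # fullmatch rather than match: with re.match, the trailing `$` would also
    # accept a value that ends in a newline, such as "1.2.3\n".
    return VERSION_PATTERN.fullmatch(value) is not None


def set_version(config_path: Path, new_version: str) -> bool:
    """Hypothetical helper: validate first, then replace the file atomically.

    Returns True if the file was rewritten, False if the version is unchanged.
    Raises ValueError on an invalid version and leaves the file untouched.
    """
    if not is_valid_version(new_version):
        raise ValueError(f"invalid version {new_version!r}, expected N.N.N")
    data = json.loads(config_path.read_text(encoding="utf-8"))
    if data.get("version") == new_version:
        return False
    data["version"] = new_version
    # Write to a temp file in the same directory, then rename over the target,
    # so an interrupted write cannot leave a truncated config file behind.
    fd, tmp_name = tempfile.mkstemp(dir=config_path.parent, suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as tmp:
            json.dump(data, tmp, indent=2)
            tmp.write("\n")
        os.replace(tmp_name, config_path)
    except BaseException:
        os.unlink(tmp_name)
        raise
    return True
```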