Migrate Npm importer to aboutcode pipeline #1574

Merged
merged 5 commits into from
Sep 19, 2024

keshav-space
Member

@TG1999
Contributor

TG1999 commented Sep 12, 2024

@keshav-space is there anything remaining here, can we go ahead and review / merge this?

@keshav-space
Member Author

> is there anything remaining here, can we go ahead and review / merge this?

@TG1999 I will add a small data migration to change the value of created_by field on the old npm advisory to our new pipeline_id, and then ping you for review/merge.

@TG1999
Contributor

TG1999 commented Sep 12, 2024

@keshav-space sure, let me know when it's ready for review

@keshav-space keshav-space force-pushed the npm-importer-pipeline branch 2 times, most recently from 759a090 to 04442b7 Compare September 13, 2024 11:36
@keshav-space
Member Author

> sure, let me know when it's ready for review

@TG1999 ready for your review :)

@TG1999
Contributor

TG1999 commented Sep 17, 2024

ping @TG1999

Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
- For now pipeline_id should be module name of pipeline

Signed-off-by: Keshav Priyadarshi <git@keshav.space>
- Update the created_by field on old advisory to new pipeline_id

Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Signed-off-by: Keshav Priyadarshi <git@keshav.space>
Contributor

@TG1999 TG1999 left a comment

LGTM!

@keshav-space
Member Author

Log from a clean run.

❯ python3 manage.py import npm_importer
Importing data using npm_importer
INFO 2024-09-19 13:54:21.715 Pipeline [NpmImporterPipeline] starting
INFO 2024-09-19 13:54:21.715 Step [clone] starting
INFO 2024-09-19 13:54:21.715 Cloning `git+https://github.com/nodejs/security-wg`
INFO 2024-09-19 13:54:23.075 Step [clone] completed in 1 seconds
INFO 2024-09-19 13:54:23.076 Step [collect_and_store_advisories] starting
INFO 2024-09-19 13:54:23.157 Progress: 10% (47/468) ETA: 1 seconds
INFO 2024-09-19 13:54:23.251 Progress: 20% (94/468) ETA: 1 seconds
INFO 2024-09-19 13:54:23.327 Progress: 30% (141/468) ETA: 1 seconds
INFO 2024-09-19 13:54:23.380 Successfully collected 176 advisories
INFO 2024-09-19 13:54:23.380 Step [collect_and_store_advisories] completed in 0 seconds
INFO 2024-09-19 13:54:23.380 Step [import_new_advisories] starting
INFO 2024-09-19 13:54:23.381 Importing 176 new advisories
INFO 2024-09-19 13:54:23.567 Progress: 10% (18/176) ETA: 2 seconds
INFO 2024-09-19 13:54:23.738 Progress: 20% (36/176) ETA: 1 seconds
INFO 2024-09-19 13:54:23.925 Progress: 30% (53/176) ETA: 1 seconds
INFO 2024-09-19 13:54:24.182 Progress: 40% (71/176) ETA: 1 seconds
Failed to get exact purls for: AffectedPackage(package=PackageURL(type='npm', namespace=None, name='fury-adapter-swagger', version=None, qualifiers={}, subpath=None), affected_version_range=NpmVersionRange(constraints=(VersionConstraint(comparator='>=', version=SemverVersion(string='0.2.0')), VersionConstraint(comparator='>=', version=SemverVersion(string='0.8.0-pre')), VersionConstraint(comparator='<', version=SemverVersion(string='0.8.0')), VersionConstraint(comparator='>=', version=SemverVersion(string='0.8.0')), VersionConstraint(comparator='<', version=SemverVersion(string='0.8.1')), VersionConstraint(comparator='<=', version=SemverVersion(string='0.9.6')))), fixed_version=None) with error: InvalidConstraintsError("Invalid constraints sequence: ('>= 0.2.0','>= 0.8.0-pre') in [VersionConstraint(comparator='>=', version=SemverVersion(string='0.2.0')), VersionConstraint(comparator='>=', version=SemverVersion(string='0.8.0-pre')), VersionConstraint(comparator='<', version=SemverVersion(string='0.8.0')), VersionConstraint(comparator='>=', version=SemverVersion(string='0.8.0')), VersionConstraint(comparator='<', version=SemverVersion(string='0.8.1')), VersionConstraint(comparator='<=', version=SemverVersion(string='0.9.6'))]")
INFO 2024-09-19 13:54:24.419 Progress: 50% (88/176) ETA: 1 seconds
INFO 2024-09-19 13:54:24.616 Progress: 60% (106/176) ETA: 1 seconds
Failed to get exact purls for: AffectedPackage(package=PackageURL(type='npm', namespace=None, name='node.extend', version=None, qualifiers={}, subpath=None), affected_version_range=NpmVersionRange(constraints=(VersionConstraint(comparator='<', version=SemverVersion(string='1.1.7')), VersionConstraint(comparator='<', version=SemverVersion(string='2.0.1')))), fixed_version=None) with error: InvalidConstraintsError("Invalid constraints sequence: ('< 1.1.7','< 2.0.1') in [VersionConstraint(comparator='<', version=SemverVersion(string='1.1.7')), VersionConstraint(comparator='<', version=SemverVersion(string='2.0.1'))]")
INFO 2024-09-19 13:54:24.798 Progress: 70% (124/176) ETA: 1 seconds
INFO 2024-09-19 13:54:24.975 Progress: 80% (141/176)
INFO 2024-09-19 13:54:25.182 Progress: 90% (159/176)
INFO 2024-09-19 13:54:25.337 Progress: 100% (176/176)
Failed to get exact purls for: AffectedPackage(package=PackageURL(type='npm', namespace=None, name='electron', version=None, qualifiers={}, subpath=None), affected_version_range=NpmVersionRange(constraints=(VersionConstraint(comparator='<', version=SemverVersion(string='2.0.18')), VersionConstraint(comparator='<', version=SemverVersion(string='3.0.16')), VersionConstraint(comparator='<', version=SemverVersion(string='3.1.6')), VersionConstraint(comparator='<', version=SemverVersion(string='4.0.8')), VersionConstraint(comparator='<', version=SemverVersion(string='5.0.0-beta.5')))), fixed_version=None) with error: InvalidConstraintsError("Invalid constraints sequence: ('< 2.0.18','< 3.0.16') in [VersionConstraint(comparator='<', version=SemverVersion(string='2.0.18')), VersionConstraint(comparator='<', version=SemverVersion(string='3.0.16')), VersionConstraint(comparator='<', version=SemverVersion(string='3.1.6')), VersionConstraint(comparator='<', version=SemverVersion(string='4.0.8')), VersionConstraint(comparator='<', version=SemverVersion(string='5.0.0-beta.5'))]")
INFO 2024-09-19 13:54:25.363 Successfully imported 176 new advisories
INFO 2024-09-19 13:54:25.364 Step [import_new_advisories] completed in 2 seconds
INFO 2024-09-19 13:54:25.364 Step [clean_downloads] starting
INFO 2024-09-19 13:54:25.364 Removing cloned repository
INFO 2024-09-19 13:54:25.371 Step [clean_downloads] completed in 0 seconds
INFO 2024-09-19 13:54:25.371 Pipeline completed in 4 seconds
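
An added example, not part of the comment above or of the project's code: the three `Failed to get exact purls` messages in this log carry no log level and the run still reports 176 imported advisories, so a small triage script is a practical way to list the packages for which exact purls could not be resolved. The sample lines are constructed in the log's format with the long repr shortened, and `triage` and `direction` are hypothetical names.

```python
import re

# Constructed sample: lines in the format of the log above, with the long
# AffectedPackage repr shortened ("...") to the fields this parser reads.
_FAIL = ("Failed to get exact purls for: AffectedPackage(package=PackageURL("
         "type='npm', namespace=None, name='{name}', version=None, ...) "
         "with error: InvalidConstraintsError(\"Invalid constraints sequence: "
         "('{a}','{b}') in [...]\")")
SAMPLE_LOG = "\n".join([
    "INFO 2024-09-19 13:54:24.182 Progress: 40% (71/176) ETA: 1 seconds",
    _FAIL.format(name="fury-adapter-swagger", a=">= 0.2.0", b=">= 0.8.0-pre"),
    _FAIL.format(name="node.extend", a="< 1.1.7", b="< 2.0.1"),
    "INFO 2024-09-19 13:54:25.337 Progress: 100% (176/176)",
    _FAIL.format(name="electron", a="< 2.0.18", b="< 3.0.16"),
    "INFO 2024-09-19 13:54:25.363 Successfully imported 176 new advisories",
])

FAILURE = re.compile(
    r"Failed to get exact purls for: .*?PackageURL\(type='(?P<type>[^']+)'"
    r".*?\bname='(?P<name>[^']+)'"
    r".*?Invalid constraints sequence: \('(?P<a>[^']+)','(?P<b>[^']+)'\)"
)
IMPORTED = re.compile(r"Successfully imported (\d+) new advisories")

def direction(constraint):
    """Return 'lower' for > / >= bounds and 'upper' for < / <= bounds."""
    return "lower" if constraint.split()[0].startswith(">") else "upper"

def triage(log_text):
    """Return (imported_count, failures) parsed from an importer log."""
    imported, failures = None, []
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m:
            a, b = m["a"], m["b"]
            failures.append({
                "purl": f"pkg:{m['type']}/{m['name']}",
                "pair": (a, b),  # the offending pair named in the error
                "same_direction": direction(a) == direction(b),
            })
            continue
        m = IMPORTED.search(line)
        if m:
            imported = int(m.group(1))
    return imported, failures

if __name__ == "__main__":
    count, failed = triage(SAMPLE_LOG)
    print(f"{count} imported, {len(failed)} without exact purls")
    for f in failed:
        print(f["purl"], f["pair"], "same direction:", f["same_direction"])
```

In all three failures from this log the reported pair consists of two bounds pointing the same way (`>=` then `>=`, or `<` then `<`), which is what `same_direction` flags.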

@keshav-space keshav-space merged commit 094c2bf into main Sep 19, 2024
9 checks passed
@keshav-space keshav-space deleted the npm-importer-pipeline branch September 19, 2024 14:04
@pombredanne pombredanne added 1-next and removed 9-next labels Sep 24, 2024