Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

workflow to create automated PRs to update bootstrap tools #1167

Merged
merged 1 commit into from
Aug 22, 2022

Conversation

westonsteimel
Copy link
Contributor

Signed-off-by: Weston Steimel weston.steimel@anchore.com

Signed-off-by: Weston Steimel <weston.steimel@anchore.com>
@westonsteimel westonsteimel force-pushed the update-bootstrap-tools-workflow branch from 0c1b681 to d41976c Compare August 18, 2022 19:17
@github-actions
Copy link

Benchmark Test Results

Benchmark results from the latest changes vs base branch
name                                                       old time/op    new time/op    delta
ImagePackageCatalogers/alpmdb-cataloger-2                    13.6ms ±17%    11.5ms ± 1%  -15.27%  (p=0.008 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2              1.49ms ± 2%    1.27ms ± 2%  -15.02%  (p=0.016 n=5+4)
ImagePackageCatalogers/python-package-cataloger-2            3.64ms ± 6%    3.24ms ± 1%  -11.01%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2    1.17ms ± 0%    1.03ms ± 0%  -12.12%  (p=0.016 n=4+5)
ImagePackageCatalogers/javascript-package-cataloger-2         859µs ± 3%     715µs ± 1%  -16.75%  (p=0.008 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                    1.01ms ± 2%    0.84ms ± 1%  -16.79%  (p=0.008 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                     1.45ms ± 6%    1.20ms ± 0%  -17.48%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      15.9ms ± 4%    14.2ms ± 1%  -10.28%  (p=0.008 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.40ms ± 4%    1.18ms ± 1%  -15.21%  (p=0.008 n=5+5)
ImagePackageCatalogers/go-module-binary-cataloger-2          2.32µs ± 3%    2.19µs ± 1%   -5.64%  (p=0.008 n=5+5)
ImagePackageCatalogers/dotnet-deps-cataloger-2               1.52ms ± 4%    1.32ms ± 0%  -13.26%  (p=0.008 n=5+5)
ImagePackageCatalogers/portage-cataloger-2                    819µs ± 4%     661µs ± 0%  -19.30%  (p=0.008 n=5+5)

name                                                       old alloc/op   new alloc/op   delta
ImagePackageCatalogers/alpmdb-cataloger-2                    5.26MB ± 0%    5.26MB ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               202kB ± 0%     202kB ± 0%     ~     (p=0.690 n=5+5)
ImagePackageCatalogers/python-package-cataloger-2             945kB ± 0%     944kB ± 0%   -0.08%  (p=0.008 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     214kB ± 0%     214kB ± 0%     ~     (p=0.849 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         158kB ± 0%     158kB ± 0%     ~     (p=0.889 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     203kB ± 0%     203kB ± 0%     ~     (p=0.841 n=5+5)
ImagePackageCatalogers/rpmdb-cataloger-2                      301kB ± 0%     302kB ± 0%   +0.19%  (p=0.008 n=5+5)
ImagePackageCatalogers/java-cataloger-2                      3.44MB ± 0%    3.44MB ± 0%     ~     (p=0.548 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                     1.25MB ± 0%    1.25MB ± 0%   -0.02%  (p=0.016 n=4+5)
ImagePackageCatalogers/go-module-binary-cataloger-2            672B ± 0%      672B ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                369kB ± 0%     369kB ± 0%     ~     (p=0.421 n=5+5)
ImagePackageCatalogers/portage-cataloger-2                    136kB ± 0%     136kB ± 0%     ~     (p=0.056 n=5+5)

name                                                       old allocs/op  new allocs/op  delta
ImagePackageCatalogers/alpmdb-cataloger-2                     85.7k ± 0%     85.7k ± 0%     ~     (p=0.556 n=5+4)
ImagePackageCatalogers/ruby-gemspec-cataloger-2               4.25k ± 0%     4.25k ± 0%     ~     (p=0.333 n=4+5)
ImagePackageCatalogers/python-package-cataloger-2             16.6k ± 0%     16.6k ± 0%     ~     (p=0.579 n=5+5)
ImagePackageCatalogers/php-composer-installed-cataloger-2     5.53k ± 0%     5.53k ± 0%     ~     (p=0.444 n=5+5)
ImagePackageCatalogers/javascript-package-cataloger-2         3.31k ± 0%     3.31k ± 0%     ~     (p=1.000 n=5+5)
ImagePackageCatalogers/dpkgdb-cataloger-2                     4.60k ± 0%     4.60k ± 0%     ~     (all equal)
ImagePackageCatalogers/rpmdb-cataloger-2                      8.12k ± 0%     8.12k ± 0%     ~     (all equal)
ImagePackageCatalogers/java-cataloger-2                       57.5k ± 0%     57.5k ± 0%     ~     (p=0.516 n=5+5)
ImagePackageCatalogers/apkdb-cataloger-2                      5.43k ± 0%     5.43k ± 0%     ~     (p=0.556 n=5+4)
ImagePackageCatalogers/go-module-binary-cataloger-2            15.0 ± 0%      15.0 ± 0%     ~     (all equal)
ImagePackageCatalogers/dotnet-deps-cataloger-2                7.27k ± 0%     7.27k ± 0%     ~     (all equal)
ImagePackageCatalogers/portage-cataloger-2                    3.59k ± 0%     3.59k ± 0%     ~     (all equal)

stable: ${{ env.GO_STABLE_VERSION }}

- run: |
GOLANGCILINT_LATEST_VERSION=$(go list -m -json github.com/golangci/golangci-lint@latest 2>/dev/null | jq -r '.Version')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TIL ubuntu-latest comes with jq

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

echo "::set-output name=COSIGN::COSIGN_LATEST_VERSION"
id: latest-versions

- uses: tibdex/github-app-token@v1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting! Why do we need to use this action for the workflow?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't actually know, that was something @kzantow had as part of the stereoscope update one, so I assumed it would need to be here also

Copy link
Contributor

@spiffcs spiffcs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved with comments! I guess the best way to check the correctness here is to let it run and smooth any edge cases

@spiffcs spiffcs merged commit 5282820 into main Aug 22, 2022
@spiffcs spiffcs deleted the update-bootstrap-tools-workflow branch August 22, 2022 15:28
spiffcs added a commit to scothis/syft that referenced this pull request Aug 24, 2022
* main:
  Update syft bootstrap tools to latest versions. (anchore#1171)
  Fix update-bootstrap-tools workflow (anchore#1170)
  workflow to create automated PRs to update bootstrap tools (anchore#1167)
  feat: add support for licenses in package-lock json v2 (anchore#1164)
  External sources configuration (anchore#1158)
  feat: add support for pnpm (anchore#1166)
  Prevent symlinks causing duplicate package-file relationships (anchore#1168)
  Associate node package licenses from node_modules (anchore#1152)
  Give the contributing guide a substantial rework (anchore#1155)

Signed-off-by: Christopher Phillips <christopher.phillips@anchore.com>
spiffcs added a commit that referenced this pull request Aug 25, 2022
* main:
  Update syft bootstrap tools to latest versions. (#1176)
  enhance development support on macOS ARM (#1163)
  Capture if a node module is private (#1161)
  Find version numbers from jars with different naming conventions (#1174)
  Update syft bootstrap tools to latest versions. (#1171)
  Fix update-bootstrap-tools workflow (#1170)
  workflow to create automated PRs to update bootstrap tools (#1167)
  feat: add support for licenses in package-lock json v2 (#1164)
  External sources configuration (#1158)
  feat: add support for pnpm (#1166)
  Prevent symlinks causing duplicate package-file relationships (#1168)
  Associate node package licenses from node_modules (#1152)
aiwantaozi pushed a commit to aiwantaozi/syft that referenced this pull request Oct 20, 2022
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

2 participants