-
Notifications
You must be signed in to change notification settings - Fork 567
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: separate golang license caches from mod dir #2852
fix: separate golang license caches from mod dir #2852
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is great! I feel like this is something we can build on over time too.
Since this PR doesn't introduce mechanisms for cache invalidation, users will start to have new cache directories that will continue to grow (this is different than grype, where new DBs get replaced).
I feel like before merging this there should be an answer to how a user would delete the cache or how syft would automatically do this... this could be:
- like you brought up on the call, allow for TTL configuration and track in the cache dir track last write date so we can clean up periodically.
- maybe add a
cache list
andcache delete
subcommands to syft
…cache Signed-off-by: Keith Zantow <kzantow@gmail.com>
2943b4e
to
02b13e9
Compare
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
…s originated, cache resolver includes version, fix some git download cases Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
Signed-off-by: Keith Zantow <kzantow@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This cache foundation is awesome ❤️ 🚀
Hi @wagoodman, @kzantow
Thanks for the info, For other users it might be good to have a choice
BR, |
Hey @Joerki -- we are going to improve the configuration in the near future. The current configuration options allows you to achieve the different options you mentioned. There is a cache directory ( There is also a cache TTL, specifying the time-to-live of cache items, but this does not delete them currently. We plan to add a And there's an obvious |
* main: chore(deps): update tools to latest versions (#2961) chore(deps): bump github/codeql-action from 3.25.9 to 3.25.10 (#2964) feat: index known CPEs for wordpress plugins and themes (#2963) fix(golang): improve version extraction from ldflags for pingcap TiDB (#2962) chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#2955) chore(deps): bump github/codeql-action from 3.25.8 to 3.25.9 (#2956) fix: separate golang license caches from mod dir (#2852) chore(deps): bump github.com/vbatts/go-mtree from 0.5.3 to 0.5.4 (#2952) chore(deps): update tools to latest versions (#2949) chore(deps): bump modernc.org/sqlite from 1.30.0 to 1.30.1 (#2950)
* main: chore(deps): update tools to latest versions (#2961) chore(deps): bump github/codeql-action from 3.25.9 to 3.25.10 (#2964) feat: index known CPEs for wordpress plugins and themes (#2963) fix(golang): improve version extraction from ldflags for pingcap TiDB (#2962) chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#2955) chore(deps): bump github/codeql-action from 3.25.8 to 3.25.9 (#2956) fix: separate golang license caches from mod dir (#2852) chore(deps): bump github.com/vbatts/go-mtree from 0.5.3 to 0.5.4 (#2952) chore(deps): update tools to latest versions (#2949) chore(deps): bump modernc.org/sqlite from 1.30.0 to 1.30.1 (#2950) Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
Previously, license handling in Golang had a few quirks and may not function if the go mod directory did not exist.
This PR makes the following changes:
TODO:
syft /
)syft cache
command to view/manage the cache as part of this PR (answer: no, we are caching significantly less data than syft was previously)Fixes: #2798 #1933