Including namespace of Coordinate in SW360Component name #380
Conversation
bs-ondem
force-pushed
the
bs-ondem/fix/better_component_name
branch
from
637c1b4 to
c3d7f5f
Compare
| .orElse(artifact.askFor(ArtifactFilename.class) | ||
| .flatMap(ArtifactFilename::getBestFilenameEntryGuess) | ||
| .map(ArtifactFilenameEntry::getFilename) | ||
| .orElse("")); |
There was a problem hiding this comment.
We could use something like a UUID for the name, an empty name is perhaps not the right option
| .orElse(artifact.askFor(ArtifactFilename.class) | ||
| .flatMap(ArtifactFilename::getBestFilenameEntryGuess) | ||
| .map(ArtifactFilenameEntry::getFilename) | ||
| .orElse("")); |
There was a problem hiding this comment.
I am not really happy with an empty string. This is the name that will stand in SW360 and there shouldn't be multiple ones with empty string. Additionally by this name the release with be searched, making wrong assignments to releases with the same version and also an empty string name very likely.
There was a problem hiding this comment.
I think, if there is no name here, we maybe shouldn't have this in SW360 at all.
@blaumeiser-at-bosch what do you think?
There was a problem hiding this comment.
That was my though as well, if we do not have enough meat to at least have a simple name, we should inform the user that there is something strange here, and we should not push arbitrary data to SW360. At least a filename should be there.
There was a problem hiding this comment.
Yes the user should be informed, but not in the adapter utils class? The component client will fail in creating a component with an empty string and will log an error.
There was a problem hiding this comment.
Do you mean when the request is made?
I feel like we should try to avoid making requests we know will fail to save resources.
There was a problem hiding this comment.
We are trying to avoid it with the CoordinatesValidator
There was a problem hiding this comment.
I totally agree that here is not the point of informing the user here. This is a helper who does something useful. The question is, whether no information at all should return an error aka an exception instead of an empty string?
There was a problem hiding this comment.
Just for clarity, is that the flow you want?
if AritfactCoordinate then
return <component name extracted from Coordinates>
else if ArtifactFilename then
return <component name extracted from ArtifactFilenameEntry>
else
throw new ExecutionException(..);
There was a problem hiding this comment.
Yes, I think this makes sense. This exception can be caught and it is easier to distinguish between make the right thing and do something exceptional
|
Just as a question. Does this PR also coincidentally solve this issue: #348 ? |
|
@neubs-bsi I'm not sure, but I will have a look at it after improving my changes based on your comments. |
bs-ondem
force-pushed
the
bs-ondem/fix/better_component_name
branch
from
debfda2 to
3b5aef2
Compare
| .orElseGet(() -> artifact.askFor(ArtifactFilename.class) | ||
| .flatMap(ArtifactFilename::getBestFilenameEntryGuess) | ||
| .map(ArtifactFilenameEntry::getFilename) | ||
| .orElseThrow(() -> new ExecutionException("No suitable component name found."))); |
There was a problem hiding this comment.
Error message is misleading. Should be something like artifact does not have enough information to build a name + artifact.toString() or something like this, Enough information that allows us to understand what is going on, if a customer comes back to us with this problem!
| String componentName = SW360ComponentAdapterUtils.createComponentName(artifact); | ||
| return getComponentByName(componentName, header); | ||
| } catch (ExecutionException e) { | ||
| LOGGER.debug("No component found for {}. Reason: {}", artifact, e.getMessage()); |
There was a problem hiding this comment.
Always log the exception, especially debug messages are meant for us to understand what is going on, if a user comes back to us, so don't be shy and print out whatever you think could help us in identifying the problem.
| } | ||
| releases.add(sw360ReleaseFinal); | ||
| } catch(Exception e) { |
There was a problem hiding this comment.
Never catch a generic Exception, you also catch all RuntimeExceptions and the like, which should not be caught.
| } | ||
| releases.add(sw360ReleaseFinal); | ||
| } catch(Exception e) { | ||
| LOGGER.warn("Release for {} will not be created in SW360 due to missing facts. Reason: {}", |
There was a problem hiding this comment.
Also log the exception as debug entry! Actually I think this should even be logged as an error because the user might ignore warnings, but with this issue here, he will never get an approval for the project, he has to do something and this is necessary to address with him
Actually, the log message should contain a hint about what needs to be done. Without the component in SW360, the compliance office will not work on the component. What can he do to solve this? Good question, isn't it, can he do something in the config file?
I have to admit, I miss the situation as of now, where this case can happen at all because we will detect either a coordinate because we get information from a package manager, or we detect a file so we have at least a filename. Is there any way, in which we can detect a dependency without any information? I have no idea how. Since we do not expect that, perhaps it is even feasible to break completely, so no caught exception here. If something happens, that cannot be, it is best to not react at all, so that the user is coming to us in order to solve the issue.
There was a problem hiding this comment.
Yes, when a component is added via the antennaconf.xml this can happen.
Especially then it is important that the user adds enough information so this component can be used correctly.
There was a problem hiding this comment.
THen we should break at reading in the config file if we cannot detect enough informationen for a coordinate.
There was a problem hiding this comment.
Follow up issue for config.xml #384
bs-ondem
force-pushed
the
bs-ondem/fix/better_component_name
branch
2 times, most recently
from
52388d1 to
5bd9d75
Compare
Fixes eclipse-archived#371 Creating the name of the SW360Component with the namespace and name of the Coordinate fact of the artifact using a '/' as the delimiter identical to the PURLs. The SW360ComponentAdapterUtils::createComponentName method tries to extract the component name from the ArtifactCoordinate fact first. If it doesn't exist, it extracts it from the ArtifactFilename fact. Otherwise it will throw an ExecutionException. Signed-off-by: Onur Demirci <Onur.Demirci@Bosch-si.com>
bs-ondem
force-pushed
the
bs-ondem/fix/better_component_name
branch
from
5bd9d75 to
46e3bdd
Compare
Fixes #371
Creating the name of the SW360Component with the namespace and name of
the Coordinate fact of the artifact using a '/' as the delimiter
identical to the PURLs.
The SW360ComponentAdapterUtils::createComponentName method tries to
extract the component name from the ArtifactCoordinate fact first. If
it doesn't exist, it extracts it from the ArtifactFilename fact.
Otherwise it returns an empty string.
Request Reviewer
@blaumeiser-at-bosch @neubs-bsi
Type of Change
improvements
How Has This Been Tested?
Checklist
Must:
Optional: