Skip to content

refactor: ecosystem helpers #3892

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
michaelkedar merged 5 commits into from
Sep 10, 2025
Merged

refactor: ecosystem helpers #3892

michaelkedar merged 5 commits into from
Sep 10, 2025

Conversation

@michaelkedar
Copy link
Member

@michaelkedar michaelkedar commented Sep 3, 2025

Closes #3745

  • Refactored the ecosystem base class to split it into two: OrderedEcosystem (for ones that implement sort_key only) and EnumerableEcosystem (which has enumerate versions)
  • Removed a few unused / unnecessary methods that were on the old Ecosystem class
    • kept next_version (but marked it as deprecated) since only malicious packages uses it to convert some ghsa records.
  • Got rid of OrderingUnsupportedEcosystem since it's no longer particularly useful.
  • Consolidated APK-, RPM-, and dpkg-based helpers under a single helper (closes Unify APK/RPM ecosystem helpers #3431)

I also updated the copyright year on all the ecoystems py files :)

I think this also incidentally closes #3063, since supports_comparing is no longer used (it will be superseded by #3850 anyway).

another-rex
another-rex previously approved these changes Sep 4, 2025
View reviewed changes
Copy link
Contributor

@another-rex another-rex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great!

osv/ecosystems/_ecosystems.py
'Ubuntu': Ubuntu,
'Wolfi': APK,

# Ecosystems known in the schema, but without implementations.
Copy link
Contributor

@another-rex another-rex Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm... is there a test we can add here that reads the ecosystems.json in the osv-schema repo and checks it against this.?

Copy link
Member Author

@michaelkedar michaelkedar Sep 4, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remember bringing this up a while ago - #2615 (comment)

Not sure if you agree/disagree with Andrew's reasoning here. With renovate automatically updating the osv-schema it probably would always fail the tests.

Copy link
Contributor

@another-rex another-rex Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That should be fine though, with the recent ecosystems, they made both PRs (osv-schema and osv.dev _ecosystem.py) simultaneously. So we just need to merge the ecosystems.py PR before updating the schema to the newest version and it should work right?

Copy link
Member Author

@michaelkedar michaelkedar Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We currently have a test that checks that all the ecosystems in _ecosystems.py are valid ecosystems in the schema. Adding the vice versa test (that all schema ecosystems are in _ecosystems.py) would mean we'd always have to update both at the same time.

Copy link
Contributor

@another-rex another-rex Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I see..., let's leave it as it is then.

osv/ecosystems/bioconductor_test.py
self.assertEqual('1.20.0', ecosystem.next_version('a4', '1.18.0'))
with self.assertRaises(ecosystems.EnumerateError):
ecosystem.next_version('doesnotexist123456', '1')
with warnings.catch_warnings():
Copy link
Contributor

@another-rex another-rex Sep 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did not know warnings was a thing, wow.

cuixq
cuixq previously approved these changes Sep 4, 2025
View reviewed changes
Copy link
Contributor

@cuixq cuixq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉

jess-lowe
jess-lowe previously approved these changes Sep 4, 2025
View reviewed changes
@michaelkedar michaelkedar dismissed stale reviews from jess-lowe, cuixq, and another-rex via 7cba064 September 4, 2025 23:55
@michaelkedar michaelkedar merged commit 34aae52 into google:master Sep 10, 2025
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@another-rex another-rex another-rex left review comments

@jess-lowe jess-lowe jess-lowe approved these changes

@cuixq cuixq cuixq left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Refactor Ecosystem helper interface Unify APK/RPM ecosystem helpers Switch all ecosystem version queries to range match

4 participants

@michaelkedar @cuixq @jess-lowe @another-rex