Clarification / Best Practice required on how to handle multiple analyzer-result.yml files #4364

Open
nikpete opened this issue Aug 16, 2021 · 7 comments
Labels: documentation (About end-user documentation), question (An issue that is actually a question)

nikpete commented Aug 16, 2021

All,

We do have several use cases where an overarching project might consist of multiple services and product teams. Therefore, multiple analyzer-result.yml files will be submitted (let's say 10+) because the project is simply not able to generate ONE .yml file (i.e. technical restrictions, mono repo).

  1. I would like to understand if there is an automatic way (best practice) how we can merge (in ORT) multiple yml. files into ONE?
  2. The merge of multiple yml. files should also remove possible duplicates (FOSS components that are reused in all the repositories and are part of the different .yml files) because currently we are doing it manually which is to be honest a "pain in the ass".

Thanks,
Nik

@sschuberth
Member

Sounds like a good fit for a new helper-cli subcommand, or @fviernau?

sschuberth added the "question" label Aug 16, 2021
@nikpete
Author

nikpete commented Aug 26, 2021

@sschuberth We are currently in the process of implementing this function. Once ready, we are going to create a pull request.

sschuberth changed the title from "Clarification / Best Practice required on how to handle multiple analyzer-result.yml files that result from a mono repo" to "Clarification / Best Practice required on how to handle multiple analyzer-result.yml files that result from multiple repos" Sep 16, 2021
sschuberth changed the title from "Clarification / Best Practice required on how to handle multiple analyzer-result.yml files that result from multiple repos" to "Clarification / Best Practice required on how to handle multiple analyzer-result.yml files" Sep 16, 2021
sschuberth assigned nikpete and unassigned nikpete Sep 17, 2021
@sschuberth
Member

@porsche-rishisaxena, FYI, I can only assign @nikpete as he's the reporter (and none of you are project members, yet).

porsche-rbieniek added a commit to porsche-rbieniek/ort that referenced this issue May 4, 2022
This helper CLI function is used by Porsche to solve the issue oss-review-toolkit#4364

The rationale behind this is that some projects at Porsche deliver individual analyzer-results for each subproject in a large monorepo. The FOSS analysts need to see a condensed form of the individual dependency graphs across the project monorepo. We solve this issue by merging all individual analyzer results into one.

Signed-off-by: Rainer Bieniek <extern.rainer.bieniek@porsche.de>
@porsche-rbieniek

Porsche solution submitted as #5315

@sschuberth
Member

> Porsche solution submitted as #5315

Please associate issues with PRs by using one of the respective keywords in one of the commits in the PR instead of manually adding comments.

@mnonnenmacher
Member

For reference, if all code is located in Git repositories, a possible workaround for this issue is to create a new Git repository with all the other Git repositories as submodules. You can then use the new Git repository as input for the analyzer to get a single analyzer result with correct provenance information for all projects.

porsche-rbieniek added a commit to porsche-rbieniek/ort that referenced this issue May 12, 2022
…view-toolkit#4364

The rationale behind this is that some projects at Porsche deliver individual analyzer-results for each subproject in a large monorepo. The FOSS analysts need to see a condensed form of the individual dependency graphs across the project monorepo. We solve this issue by merging all individual analyzer results into one.

This commit fixes issues raised during the community code review.

Signed-off-by: Rainer Bieniek <extern.rainer.bieniek@porsche.de>
porsche-rbieniek added a commit to porsche-rbieniek/ort that referenced this issue Jul 4, 2022
This helper CLI function is used by Porsche to solve the issue oss-review-toolkit#4364

The rationale behind this is that some projects at Porsche deliver individual
analyzer-results for each subproject in a large monorepo. The FOSS analyst needs
to see a condensed form of the individual dependency graphs across the project
monorepo. We solve this issue by merging all individual analyzer results into one.

Signed-off-by: Rainer Bieniek <extern.rainer.bieniek@porsche.de>
@sschuberth
Member

> I would like to understand if there is an automatic way (best practice) how we can merge (in ORT) multiple yml. files into ONE?

I have a hunch that we're jumping to conclusions too quickly by implying that merging (analyzer) result files is the right approach.

Let's step back a bit and ask ourselves what we want to achieve. From re-reading @nikpete's OP my guess is that in the end only a single / combined report (i.e. attribution document) is needed. As attribution documents contain far less information than full-blown ORT result files, maybe the better approach is to not merge ORT result files beforehand at all, but to create a special reporter that can take multiple ORT result files and simply attributes to the union of all contained projects / packages in a single report?
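
An added illustration (not code from ORT or from the Porsche pull request) of the deduplication asked for in the original question and of the "union of all contained projects / packages" idea in the comment above: it unions several result files by package id, records which inputs each package came from, and flags ids whose metadata differs between inputs instead of silently keeping one copy. It assumes result files serialized as JSON with `analyzer.result.projects` and `analyzer.result.packages` entries keyed by `id` (optionally wrapped in `package`); the function name, file names and sample data are constructed for the example.

```python
import json

# Constructed sample inputs, reduced to the fields this example reads. The
# layout (analyzer.result.projects / .packages, entries keyed by "id") is an
# assumption about ORT result files serialized as JSON.
RESULT_A = json.dumps({"analyzer": {"result": {
    "projects": [{"id": "Gradle:com.example:service-a:1.0"}],
    "packages": [
        {"id": "Maven:org.slf4j:slf4j-api:1.7.36", "declared_licenses": ["MIT"]},
        {"id": "Maven:com.example:shared-lib:2.0", "declared_licenses": ["Apache-2.0"]},
    ]}}})
RESULT_B = json.dumps({"analyzer": {"result": {
    "projects": [{"id": "NPM::service-b:1.0"}],
    "packages": [
        # Entry wrapped in "package" (assumed variant of the layout).
        {"package": {"id": "Maven:org.slf4j:slf4j-api:1.7.36", "declared_licenses": ["MIT"]}},
        {"id": "Maven:com.example:shared-lib:2.0", "declared_licenses": ["GPL-2.0-only"]},
    ]}}})


def union_of_results(named_docs):
    """Return (projects, packages, sources, conflicts) across all inputs."""
    projects, packages, sources, conflicts = {}, {}, {}, set()
    for name, text in named_docs:
        result = json.loads(text)["analyzer"]["result"]
        for project in result.get("projects", []):
            projects.setdefault(project["id"], project)
        for entry in result.get("packages", []):
            pkg = entry.get("package", entry)  # unwrap if wrapped
            pkg_id = pkg["id"]
            sources.setdefault(pkg_id, []).append(name)
            first = packages.setdefault(pkg_id, pkg)
            if first != pkg:
                # Same id, different metadata: needs review, not a silent merge.
                conflicts.add(pkg_id)
    return projects, packages, sources, sorted(conflicts)


if __name__ == "__main__":
    projects, packages, sources, conflicts = union_of_results(
        [("service-a.json", RESULT_A), ("service-b.json", RESULT_B)])
    for pkg_id in sorted(packages):
        flag = "  <-- metadata differs between inputs" if pkg_id in conflicts else ""
        print(f"{pkg_id} (from {', '.join(sources[pkg_id])}){flag}")
```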

JSurf pushed a commit to vitecde/ort that referenced this issue Mar 12, 2024
This helper CLI function is used by Porsche to solve the issue oss-review-toolkit#4364

The rationale behind this is that some projects at Porsche deliver individual
analyzer-results for each subproject in a large monorepo. The FOSS analyst needs
to see a condensed form of the individual dependency graphs across the project
monorepo. We solve this issue by merging all individual analyzer results into one.

Signed-off-by: Rainer Bieniek <extern.rainer.bieniek@porsche.de>
sschuberth added the "documentation" label Jun 3, 2024