@Dentrax Dentrax commented Jul 8, 2024

go run . scan my-custom-package --remote --repository https://my/custom/respository
--repository string            URL of the Wolfi package repository (default "https://packages.wolfi.dev/os")

@Dentrax Dentrax force-pushed the scan-repository-override branch 2 times, most recently from cbd5210 to 0218df1 Compare July 8, 2024 13:45
pkg/cli/scan.go Outdated
Comment on lines 610 to 615
// getRepositoryURL returns the URL of the APKINDEX.tar.gz file for the given
// repository and architecture. If the repository URL already points to an
// APKINDEX.tar.gz file, it will be returned as-is. User input may or may not
// have included the architecture or the APKINDEX.tar.gz suffix, so construct
// the full URL to provide better UX.
func getRepositoryURL(repository, arch string) string {
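
Review bot: the signature on the last line, `func getRepositoryURL(repository, arch string) string`, returns only a string, so a `--repository` value that does not parse as a URL cannot be rejected at this point. The doc comment says the input may arrive with or without the architecture and the APKINDEX.tar.gz suffix, so consider returning `(string, error)` and parsing the input with net/url before appending anything. It would also help to list each accepted input form in the comment with one example apiece, so the normalization rules can be covered by table-driven tests.
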
Member

Would it be possible to make the behavior simpler and more predictable, by requiring the caller to pass the URL to the repo and not to the index tar gz?

Member Author

Could you provide some examples of this?

Member

Just wondering if we need to support both with and without the .../APKINDEX.tar.gz... It'd be simpler to say the URL has to be just to the repo, so like https://packages.wolfi.dev/os, instead of accepting multiple forms, unless we really need to support both?

Member Author

> if we need to support both

IIUC, the apk ls command supports both, and some packages do provide only a single architecture; that's where we may need to pass the ARCH in the URL.

Member

> some packages do provide only a single architecture

If I'm following you, this problem exists with the remote scanning feature with or without this new enhancement, is that right?

Would a better solution here be to show a warning if not all architectures are found? And still error if none can be found?

I guess I'm not following how architecture availability is specific to this new flag, but maybe you can help me follow :)

@Dentrax Dentrax force-pushed the scan-repository-override branch 5 times, most recently from bae53cb to 594a172 Compare July 13, 2024 10:45
Signed-off-by: Dentrax <furkan.turkal@chainguard.dev>
@Dentrax Dentrax force-pushed the scan-repository-override branch from 594a172 to 6c99b9e Compare July 13, 2024 10:48