chore: update package information report #2674
Conversation
JoeWang1127
added
the
owlbot:run
gcf-owl-bot
bot
removed
the
owlbot:run
JoeWang1127
added
the
owlbot:run
gcf-owl-bot
bot
removed
the
owlbot:run
|
"Downstream Unmanaged Dependency Check / validate (java-bigtable)" is irrelevant to this PR. |
JoeWang1127
added
the
owlbot:run
gcf-owl-bot
bot
removed
the
owlbot:run
| return builder.toString(); | ||
| } | ||
|
|
||
| private void appendToReport(StringBuilder builder, PackageInfo packageInfo) { |
| } | ||
|
|
||
| private String endSeparator() { | ||
| return "==========================================================="; | ||
| } | ||
|
|
||
| private String packageInfoReport() { |
There was a problem hiding this comment.
Would you add a test case of the pull request description?
Java 17's test block should make it easy. https://blogs.oracle.com/javamagazine/post/text-blocks-come-to-java
There was a problem hiding this comment.
Would you add a test case of the pull request description?
It's not easily test using unit test as the encoded string needs to be sent to deps.dev to verify the correctness.
I'll write an integration test for it.
There was a problem hiding this comment.
Would you write this in a way that the formatter function should operate on a Record class to generate the formatted string.
In this design, the unit test for the formatter does not need to access deps.dev.
There was a problem hiding this comment.
Wrote unit tests to verify the encoded string.
| builder.append(String.format("## Package information of %s\n", versionKey)); | ||
| builder.append(String.format("Licenses: %s\n", packageInfo.licenses())); | ||
| builder.append( | ||
| String.format("Vulnerabilities: None.\nChecked in [deps.dev query](%s)\n", |
There was a problem hiding this comment.
The visible part of the link should have the artifact coordinates.
| builder.append("\n\n"); | ||
| appendToReport(builder, packageInfos.get(0)); | ||
|
|
||
| builder.append("## Dependencies:\n"); |
There was a problem hiding this comment.
Having the headings of the same level line by line is strange. This means the 1st section is empty. Would you fix this somehow?
| } | ||
|
|
||
| private String endSeparator() { | ||
| return "==========================================================="; | ||
| } | ||
|
|
||
| private String packageInfoReport() { |
There was a problem hiding this comment.
Would you write this in a way that the formatter function should operate on a Record class to generate the formatted string.
In this design, the unit test for the formatter does not need to access deps.dev.
product-auto-label
bot
added
size: l
product-auto-label
bot
added
size: m
|
|
In this PR: - Generate package information report for package that has no non-compliant licenses and security vulnerabilities. - Encode version using `URLEncoder`. The version may contain special characters that needs to be encoded before sending to deps.dev, e.g., [9+181-r4173-1](https://deps.dev/maven/com.google.errorprone%3Ajavac-shaded/9%2B181-r4173-1). An example of the report: ``` ## Package information of io.opentelemetry:opentelemetry-api:1.37.0 Licenses: [Apache-2.0] Vulnerabilities: None. Checked in [deps.dev query](https://api.deps.dev/v3/query?versionKey.system=MAVEN&versionKey.name=io.opentelemetry:opentelemetry-api&versionKey.version=1.37.0) ## Dependencies: ## Package information of io.opentelemetry:opentelemetry-context:1.37.0 Licenses: [Apache-2.0] Vulnerabilities: None. Checked in [deps.dev query](https://api.deps.dev/v3/query?versionKey.system=MAVEN&versionKey.name=io.opentelemetry:opentelemetry-context&versionKey.version=1.37.0) ```
In this PR:
URLEncoder. The version may contain special characters that needs to be encoded before sending to deps.dev, e.g., 9+181-r4173-1.An example of the report: