Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(maven): only fetch snapshots and releases when enabled #1436

Merged
merged 12 commits into from
Dec 19, 2024
Merged

feat(maven): only fetch snapshots and releases when enabled #1436

merged 12 commits into from
Dec 19, 2024

Conversation

cuixq
Copy link
Contributor

@cuixq cuixq commented Dec 10, 2024
edited
Loading

#1280

In Maven pom.xml, download policies can be specified for repositories to decide whether to fetch releases/snapshots or not, which is currently not supported in MavenRegistryAPIClient. This causes us making many unnecessary requests.

This PR defines a new data structure to hold information for a Maven registry including the download policies. For the default registry, we assume it is only allowed to download releases (it can be a TODO to support specifying this via CLI flags).

@codecov-commenter
Copy link

codecov-commenter commented Dec 10, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 52.70270% with 35 lines in your changes missing coverage. Please review.

Project coverage is 67.21%. Comparing base (36bf2ee) to head (be66975).

Files with missing lines Patch % Lines
internal/manifest/maven.go 0.00% 7 Missing ⚠️
cmd/osv-scanner/fix/noninteractive.go 0.00% 6 Missing ⚠️
internal/resolution/manifest/maven.go 14.28% 6 Missing ⚠️
...calibrextract/language/java/pomxmlnet/extractor.go 14.28% 6 Missing ⚠️
internal/resolution/datasource/maven_registry.go 85.29% 2 Missing and 3 partials ⚠️
...nternal/resolution/client/maven_registry_client.go 33.33% 2 Missing and 2 partials ⚠️
internal/utility/maven/maven.go 83.33% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1436      +/-   ##
==========================================
- Coverage   67.25%   67.21%   -0.04%     
==========================================
  Files         192      192              
  Lines       18133    18169      +36     
==========================================
+ Hits        12196    12213      +17     
- Misses       5291     5310      +19     
  Partials      646      646

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@cuixq cuixq mentioned this pull request Dec 17, 2024
Open
@cuixq cuixq marked this pull request as ready for review December 18, 2024 02:49
michaelkedar
michaelkedar reviewed Dec 18, 2024
View reviewed changes
Copy link
Member

@michaelkedar michaelkedar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice

internal/resolution/manifest/maven.go Outdated Show resolved Hide resolved
internal/resolution/client/client.go Outdated Show resolved Hide resolved
internal/resolution/datasource/maven_registry.go Outdated Show resolved Hide resolved
internal/resolution/datasource/maven_registry.go Show resolved Hide resolved
@spencerschrock spencerschrock mentioned this pull request Dec 18, 2024
Merged
michaelkedar
michaelkedar approved these changes Dec 19, 2024
View reviewed changes
internal/utility/maven/maven.go Outdated Show resolved Hide resolved
@cuixq cuixq merged commit faad98e into google:main Dec 19, 2024
13 checks passed
@cuixq cuixq deleted the enable branch December 19, 2024 02:41
cuixq added a commit to cuixq/osv-scanner that referenced this pull request Dec 19, 2024
@cuixq
feat(maven): only fetch snapshots and releases when enabled (google#1436
eb2ad9f 
)

google#1280

In Maven pom.xml, download policies can be specified for repositories to
decide whether to fetch releases/snapshots or not, which is currently
not supported in MavenRegistryAPIClient. This causes us making many
unnecessary requests.

This PR defines a new data structure to hold information for a Maven
registry including the download policies. For the default registry, we
assume it is only allowed to download releases (it can be a TODO to
support specifying this via CLI flags).
@cuixq cuixq mentioned this pull request Dec 19, 2024
Merged
cuixq added a commit that referenced this pull request Dec 19, 2024
@cuixq @michaelkedar
chore: cherry-pick fixes to v1 (#1459)
5e6828a 
This PR cherry-pick two fixes to v1:
 - #1436
 - #1456

---------

Co-authored-by: Michael Kedar <[email protected]>
@BrewTestBot BrewTestBot mentioned this pull request Dec 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelkedar michaelkedar michaelkedar approved these changes

@oliverchang oliverchang oliverchang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cuixq @codecov-commenter @oliverchang @michaelkedar