Skip to content

scan: ability to override repository#1040

Open
Dentrax wants to merge 1 commit intowolfi-dev:mainfrom
Dentrax:scan-repository-override
Open

scan: ability to override repository#1040
Dentrax wants to merge 1 commit intowolfi-dev:mainfrom
Dentrax:scan-repository-override

Conversation

@Dentrax
Copy link
Member

@Dentrax Dentrax commented Jul 8, 2024 

go run . scan my-custom-package --remote --repository https://my/custom/respository

--repository string            URL of the Wolfi package repository (default "https://packages.wolfi.dev/os")

@Dentrax Dentrax force-pushed the scan-repository-override branch 2 times, most recently from cbd5210 to 0218df1 Compare July 8, 2024 13:45
luhring
luhring reviewed Jul 8, 2024
View reviewed changes
pkg/cli/scan.go Outdated
Comment on lines 610 to 615
// getRepositoryURL returns the URL of the APKINDEX.tar.gz file for the given
// repository and architecture. If the repository URL already points to an
// APKINDEX.tar.gz file, it will be returned as-is. User input may or may not
// have included the architecture or the APKINDEX.tar.gz suffix, so construct
// the full URL to provide better UX.
func getRepositoryURL(repository, arch string) string {
Copy link
Contributor

@luhring luhring Jul 8, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to make the behavior simpler and more predictable, by requiring the caller to pass the URL to the repo and not to the index tar gz?

Copy link
Member Author

@Dentrax Dentrax Jul 8, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you provide some example on this?

Copy link
Contributor

@luhring luhring Jul 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just wondering if we need to support both with and without the .../APKINDEX.tar.gz... It'd be simpler to say the URL has to be just to the repo, so like https://packages.wolfi.dev/os, instead of accepting multiple forms, unless we really need to support both?

Copy link
Member Author

@Dentrax Dentrax Jul 13, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if we need to support both

IIUC, apk ls command supports both, and some packages does provide only single architecture, thats where we may need to pass the ARCH in the URL.

Copy link
Contributor

@luhring luhring Aug 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some packages does provide only single architecture

If I'm following you, this problem exists with the remote scanning feature with or without this new enhancement, is that right?

Would a better solution here be to show a warning if not all architectures are found? And still error if none can be found?

I guess I'm not following how architecture availability is specific to this new flag, but maybe you can help me follow :)

@Dentrax Dentrax force-pushed the scan-repository-override branch 5 times, most recently from bae53cb to 594a172 Compare July 13, 2024 10:45
@Dentrax
scan: ability to override repository
6c99b9e 
Signed-off-by: Dentrax <furkan.turkal@chainguard.dev>
@Dentrax Dentrax force-pushed the scan-repository-override branch from 594a172 to 6c99b9e Compare July 13, 2024 10:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@luhring luhring luhring left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Dentrax @luhring