Skip to content

vendor: github.com/in-toto/in-toto-golang v0.5.0#3415

Merged
tonistiigi merged 1 commit intomoby:masterfrom
thaJeztah:intoto_tagged_version
Dec 16, 2022
Merged

vendor: github.com/in-toto/in-toto-golang v0.5.0#3415
tonistiigi merged 1 commit intomoby:masterfrom
thaJeztah:intoto_tagged_version

Conversation

@thaJeztah
Copy link
Copy Markdown
Member

@thaJeztah thaJeztah commented Dec 15, 2022

switch to a tagged release.

in-toto/in-toto-golang@fa494aa...v0.5.0

This was referenced Dec 15, 2022
Merged
Closed
@thaJeztah
Copy link
Copy Markdown
Member Author

thaJeztah commented Dec 15, 2022

Looks like fixes are needed somewhere to make sure BuildKit is compatible with their current release;

#13 [stage-0 5/6] RUN --mount=target=/go/src/github.com/moby/buildkit --mount=target=/root/.cache,type=cache   GOARCH=amd64 golangci-lint run &&   GOARCH=arm64 golangci-lint run
#13 136.5 solver/llbsolver/provenance/predicate.go:61:42: ProvenanceMaterial not declared by package v02 (typecheck)
#13 136.5 func slsaMaterials(srcs Sources) ([]slsa.ProvenanceMaterial, error) {
#13 136.5                                          ^
#13 136.5 solver/llbsolver/provenance/predicate.go:115:52: ProvenanceMaterial not declared by package v02 (typecheck)
#13 136.5 func findMaterial(srcs Sources, uri string) (*slsa.ProvenanceMaterial, bool) {
#13 136.5                                                    ^
#13 136.5 solver/llbsolver/provenance/predicate.go:63:21: ProvenanceMaterial not declared by package v02 (typecheck)
#13 136.5 	out := make([]slsa.ProvenanceMaterial, 0, count)
#13 136.5 	                   ^
#13 136.5 solver/llbsolver/provenance/predicate.go:72:17: DigestSet not declared by package v02 (typecheck)
#13 136.5 			Digest: slsa.DigestSet{
#13 136.5 			             ^
#13 136.5 solver/llbsolver/provenance/predicate.go:81:17: DigestSet not declared by package v02 (typecheck)
#13 136.5 			Digest: slsa.DigestSet{
#13 136.5 			             ^
#13 136.5 solver/llbsolver/provenance/predicate.go:90:17: DigestSet not declared by package v02 (typecheck)
#13 136.5 			Digest: slsa.DigestSet{
#13 136.5 			             ^
#13 ERROR: process "/bin/sh -c GOARCH=amd64 golangci-lint run &&   GOARCH=arm64 golangci-lint run" did not complete successfully: exit code: 1
------
 > [stage-0 5/6] RUN --mount=target=/go/src/github.com/moby/buildkit --mount=target=/root/.cache,type=cache   GOARCH=amd64 golangci-lint run &&   GOARCH=arm64 golangci-lint run:
#13 136.5 	                   ^
#13 136.5 solver/llbsolver/provenance/predicate.go:72:17: DigestSet not declared by package v02 (typecheck)
#13 136.5 			Digest: slsa.DigestSet{
#13 136.5 			             ^
#13 136.5 solver/llbsolver/provenance/predicate.go:81:17: DigestSet not declared by package v02 (typecheck)
#13 136.5 			Digest: slsa.DigestSet{
#13 136.5 			             ^
#13 136.5 solver/llbsolver/provenance/predicate.go:90:17: DigestSet not declared by package v02 (typecheck)
#13 136.5 			Digest: slsa.DigestSet{
#13 136.5 			             ^

@errordeveloper
Copy link
Copy Markdown
Contributor

errordeveloper commented Dec 15, 2022

@thaJeztah the culprit is that types been moved to a common subpackage https://pkg.go.dev/github.com/in-toto/in-toto-golang@v0.5.0/in_toto/slsa_provenance/common

@thaJeztah thaJeztah force-pushed the intoto_tagged_version branch from 5396d12 to eb42040 Compare December 15, 2022 15:35
@thaJeztah
Copy link
Copy Markdown
Member Author

thaJeztah commented Dec 15, 2022

Thanks for digging, @errordeveloper ! I updated the PR; let's see if it's happy now 😅

@thaJeztah
vendor: github.com/in-toto/in-toto-golang v0.5.0
e83fc5c 
switch to a tagged release.

Also renamed the alias to slsa02 to match what the project itself uses.

in-toto/in-toto-golang@fa494aa...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
thaJeztah
thaJeztah commented Dec 15, 2022
View reviewed changes
Comment thread solver/llbsolver/provenance/predicate.go Outdated
Comment on lines 7 to 8
slsacommon "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
Copy link
Copy Markdown
Member Author

@thaJeztah thaJeztah Dec 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like the project itself uses slsa02 as alias; let me update it here as well to stay consistent and prevent confusion.

@thaJeztah thaJeztah force-pushed the intoto_tagged_version branch from eb42040 to e83fc5c Compare December 15, 2022 16:26
@thaJeztah
Copy link
Copy Markdown
Member Author

thaJeztah commented Dec 15, 2022

🎉 looks like it's green now; I just pushed the last change to rename the aliases, but this should be good for review 👍

jedevc
jedevc approved these changes Dec 15, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@jedevc jedevc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @thaJeztah ❤️

PTAL @tonistiigi

tonistiigi
tonistiigi reviewed Dec 15, 2022
View reviewed changes
Comment thread solver/llbsolver/proc/provenance.go
"strconv"

slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
Copy link
Copy Markdown
Member

@tonistiigi tonistiigi Dec 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the prefix numbers? That is not the real pkg name anyway.

tonistiigi
tonistiigi approved these changes Dec 15, 2022
View reviewed changes
Copy link
Copy Markdown
Member

@tonistiigi tonistiigi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like vendor changes are only in comments. But not sure why we are making it less readable with the pkg name numbers.

@thaJeztah
Copy link
Copy Markdown
Member Author

thaJeztah commented Dec 15, 2022

Why the prefix numbers? That is not the real pkg name anyway.

@tonistiigi I picked that alias to match what they use in their repo #3415 (comment). Overall it's a bit weird to version packages like that within a module, but 🤷‍♂️

See https://github.com/in-toto/in-toto-golang/blob/3d5537e8b005677f36fe836d15260adc65322f3e/in_toto/model.go#L18-L20

	"github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common"
	slsa01 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.1"
	slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"

@tonistiigi
Copy link
Copy Markdown
Member

tonistiigi commented Dec 15, 2022

@thaJeztah I can see how this is required when both versions are included but we never import v1 at all.

@thaJeztah
Copy link
Copy Markdown
Member Author

thaJeztah commented Dec 15, 2022

Not saying I like the slsa01 / slsa02 aliases, but given that both v0.1 and v0.2 have types with the same name (ProvenancePredicate), I think it helps to be consistent, so that whenever you'd encounter slsa02.ProvenancePredicate, you know we're talking about the same thing as the module itself does.

@tonistiigi tonistiigi merged commit 0339524 into moby:master Dec 16, 2022
@thaJeztah thaJeztah deleted the intoto_tagged_version branch December 16, 2022 00:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tonistiigi tonistiigi tonistiigi approved these changes

@jedevc jedevc jedevc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@thaJeztah @errordeveloper @tonistiigi @jedevc