feat: use the SCI layer2 module for the cmd CLI #284
Conversation
|
Are we interested in making the change from assessment-requirements to requirements? I'm glad to go through files and make changes if the group agrees. |
In this particular case, I believe the change should probably happen in SCI, because of:
From my perspective, this is more motivation to ensure that the go types for Layer 2 are generated based on the schema, so they cannot fall out of sync with one another. That said, since the baseline YAML files do not contain a schema reference to the version of the SCI layer 2 schema in use, its hard to pin down. In short, this is good feedback for the SCI project and can help us mature it |
There was a problem hiding this comment.
Thanks for making this better, @trumant! Nack-ing for now so that we don't accidentally merge this too soon.
I think the overall approach is good, but it will also require an update to template-checklist.md and to README.md to reflect the changed name of the fields. Plus the open discussion items.
This PR introduces generation of Layer 2 go struct types using `cue exp gengotypes`. This change will ensure that all changes made to the `schemas/layer-2.cue` will be reflected in the go types without manual maintenance effort. This should help reduce the occurrence of bugs like those noted in ossf/security-baseline#284 This PR updates revanite-io#22 Signed-off-by: Travis Truman <[email protected]>
trumant
force-pushed
the
use-sci-for-catalog-manipulation
branch
from
1477772 to
4750975
Compare
* feat: generate layer 2 go types from cue schema This PR introduces generation of Layer 2 go struct types using `cue exp gengotypes`. This change will ensure that all changes made to the `schemas/layer-2.cue` will be reflected in the go types without manual maintenance effort. This should help reduce the occurrence of bugs like those noted in ossf/security-baseline#284 This PR updates #22 Signed-off-by: Travis Truman <[email protected]> * docs: rm misleading doc section Signed-off-by: Travis Truman <[email protected]> --------- Signed-off-by: Travis Truman <[email protected]>
trumant
force-pushed
the
use-sci-for-catalog-manipulation
branch
4 times, most recently
from
ed2a116 to
c90cfbc
Compare
I've made these changes within this PR |
trumant
force-pushed
the
use-sci-for-catalog-manipulation
branch
from
c90cfbc to
31d77bb
Compare
Thanks for the reminder on those additional required changes. They have now been made. |
There was a problem hiding this comment.
This is excellent @trumant 🔥
And @funnelfiasco thanks for testing locally so that I can just review the code changes here ✊
trumant
force-pushed
the
use-sci-for-catalog-manipulation
branch
2 times, most recently
from
90801e4 to
a27283e
Compare
This PR removes duplication of the layer2 code from revanite-io/sci in favor of simply using that module directly. Signed-off-by: Travis Truman <[email protected]>
trumant
force-pushed
the
use-sci-for-catalog-manipulation
branch
from
a27283e to
8051b6b
Compare
This PR removes duplication of the layer2 code
from revanite-io/sci in favor of simply using that module directly.
This PR also changes our YAML dependency as the prior one used is now archived and no longer maintained.