60 feat retrieve SBOM from image manifest if it exists #66
Conversation
Move hardcoded values to enum classes Add tests for new sbom methods
|
I am a bot, here is the pushed image/manifest for this PR:
|
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a new SBOM (Software Bill of Materials) generation approach that attempts to retrieve SBOM data directly from image manifests using Docker buildx imagetools before falling back to the existing Syft-based method. The changes also refactor hardcoded strings into enum classes for better maintainability.
- Adds new SBOM generation methods that prioritize manifest-based retrieval over container scanning
- Introduces enum classes for CI test names, results, and platforms to replace hardcoded strings
- Deprecates the existing
generate_sbommethod in favor of the newmake_sbomapproach
Reviewed Changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| ci/ci.py | Core implementation of new SBOM methods and enum classes for better code organization |
| tests/test_ci.py | Updated tests to use new enum classes and added comprehensive test coverage for new SBOM methods |
| tests/sbom_buildx_formatted_blob.txt | Test fixture containing formatted SBOM output for validation |
| test_build.py | Updated to use new enum classes for consistent status handling |
| Dockerfile | Added docker-buildx-plugin dependency required for new SBOM functionality |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
ci/ci.py
Outdated
| badge.write_badge(f"{self.outdir}/badge.svg", overwrite=True) | ||
| with open(f"{self.outdir}/ci-status.yml", "w", encoding="utf-8") as file: | ||
| file.write(f"CI: '{self.report_status}'") | ||
| file.write(f"CI: '{self.report_status.value}'\n") |
There was a problem hiding this comment.
The newline character should be removed from this line. The original code without the newline was correct, and adding it may cause issues with YAML parsing if this file is meant to be consumed as valid YAML.
| file.write(f"CI: '{self.report_status.value}'\n") | |
| file.write(f"CI: '{self.report_status.value}'") |
Copilot uses AI. Check for mistakes.
ci/ci.py
Outdated
| """ | ||
| start_time = time.time() | ||
| sbom: str | CITestResult = self.get_sbom_buildx_blob(tag) | ||
| if isinstance(sbom, str) and sbom != CITestResult.ERROR: |
There was a problem hiding this comment.
This comparison is incorrect. sbom is a string but CITestResult.ERROR is an enum instance. The comparison should be sbom != CITestResult.ERROR.value to compare the string value.
| if isinstance(sbom, str) and sbom != CITestResult.ERROR: | |
| if isinstance(sbom, str) and sbom != CITestResult.ERROR.value: |
Copilot uses AI. Check for mistakes.
|
I am a bot, here is the pushed image/manifest for this PR:
|
|
I am a bot, here is the pushed image/manifest for this PR:
|
|
Depends on linuxserver/docker-jenkins-builder#352 now so we can properly test across a range of images. |
New
Adds methods for retrieving SBOM from manifest, will fall back to use syft if it fails.
make_sbomget_sbom_syftget_sbom_buildx_blobparse_buildx_sbomformat_package_tableAdded tests for new methods.
test_parse_buildx_sbomtest_format_package_tabletest_get_sbom_buildx_blobtest_make_sbomChanged
Moved repeating hardcoded values into enum classes.
CITestsCITestResultCIReportResultPlatformDeprecated
generate_sbom