@benmss benmss commented Aug 19, 2025

Summary

This PR adds a new command line argument for passing local artefacts to Macaron. These artefacts can be used in places where they would otherwise be downloaded. Primarily this is useful for GitHub attestation discovery, which requires the hash of an artefact in order to be used.

Description of changes

Local Artefact Changes

When retrieving hashes for GitHub attestation, any passed local artefact will be checked first. To better handle this new use case, the local artefact functions have been adjusted to make a distinction between directories and individual files. Therefore, when passing a local artefact argument, the directory lookup step is skipped, allowing the file to be examined directly.

Database Recording

If an artefact hash is correctly retrieved as part of the analysis, details of the artefact and its hash will now be stored in the database under the ReleaseArtifact and HashDigest tables respectively. This creates a record of the artefact that can be referenced even if the local file goes missing. The same has been applied for remote artefacts. It should be noted that the name field of the artefact table has been somewhat overloaded, with the local path or remote URL being used for that purpose. This may suggest that the table needs adjustment.

__main__ Refactoring

As part of this PR, the creation steps of the various parser arguments in the __main__ script have been moved to relevant functions instead of all being in a single long function. Unfortunately, the Any type must be used for the parsers being passed to these functions, as the add_subparsers function reportedly returns an internal type.

Related issues

Closes #498
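
The lookup order described above, sketched as an added illustration that is not taken from Macaron's code: a local path is hashed directly when it is a file, searched by file name when it is a directory, and a download is used only as a fallback. The names `ArtefactRecord`, `resolve_hash`, `fetch`, and the sample bytes and URL are all assumptions made for this example.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Callable, NamedTuple, Optional

SAMPLE = b"constructed sample artefact bytes\n"  # constructed test input
URL = "https://example.invalid/demo-1.0.tar.gz"  # placeholder remote location


class ArtefactRecord(NamedTuple):  # hypothetical stand-in for the stored rows
    name: str    # local path or remote URL, as in the PR description
    digest: str  # hex SHA-256


def sha256_file(path: Path) -> str:
    """Hash in chunks so large artefacts are never read into memory whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def resolve_hash(file_name: str, local: Optional[Path], url: Optional[str],
                 fetch: Callable[[str], Optional[bytes]]) -> Optional[ArtefactRecord]:
    """Check the local artefact first; download only if that yields nothing."""
    if local is not None:
        if local.is_file():
            candidate = local  # individual file: no directory lookup step
        else:
            # Directory: look up by bare file name so "../" cannot escape it.
            candidate = local / Path(file_name).name
        if candidate.is_file():
            return ArtefactRecord(str(candidate), sha256_file(candidate))
    data = fetch(url) if url else None
    return ArtefactRecord(url, hashlib.sha256(data).hexdigest()) if data is not None else None


def demo() -> list:
    """Resolve the same constructed artefact via file, directory and remote."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "demo-1.0.tar.gz"
        path.write_bytes(SAMPLE)
        fetch = lambda u: SAMPLE if u == URL else None  # offline stand-in
        return [resolve_hash(path.name, path, URL, fetch),
                resolve_hash(path.name, Path(tmp), URL, fetch),
                resolve_hash(path.name, Path(tmp) / "missing", URL, fetch),
                resolve_hash(path.name, None, None, fetch)]
```

Calling `demo()` returns four results: the same digest from the file and directory paths, a record named by the URL when the local path is missing, and `None` when neither source is available.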

@benmss benmss self-assigned this Aug 19, 2025
@benmss benmss added enhancement Enhancement of a feature cli related to the Command-line Interface labels Aug 19, 2025
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Aug 19, 2025
@benmss benmss requested a review from behnazh-w August 22, 2025 13:52
benmss added 3 commits August 22, 2025 23:53
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss benmss force-pushed the 498-artifact-as-input branch from 32f6e12 to 3de80b0 Compare August 22, 2025 13:54
@benmss benmss marked this pull request as ready for review August 24, 2025 07:10
@benmss benmss requested a review from tromai as a code owner August 24, 2025 07:10
Successfully merging this pull request may close these issues.

Accept an artifact file as input