feat: add checksum in kpm workflow #520

Merged
merged 2 commits into from
Nov 26, 2024

NishantBansal2003
Contributor

1. Does this PR affect any open issues?(Y/N) and add issue references:

fix #394

  • N
  • Y

2. What is the scope of this PR (e.g. component or file name):

pkg/client/client.go

3. Provide a description of the PR(e.g. more details, effects, motivations or doc link):

This PR adds a checksum verification step to the kpm workflow to enhance the security and integrity of third-party dependencies. The integration ensures that each package’s checksum is validated during downloading, preventing unauthorized or tampered packages from being incorporated into the project.

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Other

4. Are there any breaking changes?(Y/N) and describe the breaking changes(e.g. more details, motivations or doc link):

  • N
  • Y

5. Are there test cases for these changes?(Y/N) select and add more details, references or doc links:

  • Unit test
  • Integration test
  • Benchmark (add benchmark stats below)
  • Manual test (add detailed scripts or steps below)
  • Other

@NishantBansal2003
Contributor Author

NishantBansal2003 commented Nov 5, 2024

I will address the failing CI after this PR (kcl-lang/modules#243) is merged (mostly resolved on its own) and once I receive reviews on the current checksum integration code design.

@Peefy
Contributor

Peefy commented Nov 8, 2024

cc @zong-zhe

@NishantBansal2003
Contributor Author

😄 I will update it later in this PR #520

cc: @zong-zhe

@zong-zhe
Contributor

Hi @NishantBansal2003 😄

I have tried to test your PR locally, and I think that it needs a feature flag to control the checksum function on and off, because checksum function is a destructive function, it may cause the user's client to not work properly, which is probably the main reason why tests fail in GitHub Action. You can refer to some of the feature flags implemented here (`SupportMVS = "SupportMVS"`), and add a switch to the functionality of your PR.
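
An added example, not code from this PR or from kpm: one way a download-time checksum check can sit behind an on/off switch, as discussed in the comment above. The environment variable name, the hex-encoded SHA-256 digest format and the sample bytes are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// checksumFlagEnv is a hypothetical switch name for this example, not kpm's flag.
const checksumFlagEnv = "EXAMPLE_SUPPORT_CHECKSUM"

// ErrChecksumMismatch means the downloaded bytes do not match the pinned digest.
var ErrChecksumMismatch = errors.New("package checksum mismatch")

// VerifyDownload hashes the downloaded stream and compares it with the
// hex-encoded SHA-256 digest recorded for the dependency (assumed format).
func VerifyDownload(pkg io.Reader, pinnedHex string) error {
	if os.Getenv(checksumFlagEnv) != "true" {
		return nil // flag off (default): previous behaviour, nothing is verified
	}
	want, err := hex.DecodeString(pinnedHex)
	if err != nil || len(want) != sha256.Size {
		// Flag on but no usable digest: refuse rather than silently skip the check.
		return fmt.Errorf("no valid pinned digest: %q", pinnedHex)
	}
	h := sha256.New()
	if _, err := io.Copy(h, pkg); err != nil {
		return fmt.Errorf("reading package: %w", err)
	}
	if !bytes.Equal(h.Sum(nil), want) {
		return ErrChecksumMismatch
	}
	return nil
}

func main() {
	original := "constructed package bytes" // constructed sample input
	sum := sha256.Sum256([]byte(original))
	pinned := hex.EncodeToString(sum[:])
	os.Setenv(checksumFlagEnv, "true")
	fmt.Println("intact:  ", VerifyDownload(strings.NewReader(original), pinned))
	fmt.Println("tampered:", VerifyDownload(strings.NewReader(original+"!"), pinned))
	fmt.Println("unpinned:", VerifyDownload(strings.NewReader(original), ""))
}
```

With the switch off the function returns nil even for modified bytes, so a default-off flag means the integrity guarantee only holds for users who enable it.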

Signed-off-by: Nishant Bansal <nishant.bansal.282003@gmail.com>
Signed-off-by: Nishant Bansal <nishant.bansal.282003@gmail.com>
@coveralls

Pull Request Test Coverage Report for Build 12010997316

Details

  • 22 of 66 (33.33%) changed or added relevant lines in 1 file are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.02%) to 41.211%

| Changes Missing Coverage | Covered Lines | Changed/Added Lines | % |
| pkg/client/client.go | 22 | 66 | 33.33% |
Totals Coverage Status
Change from base Build 11969431770: 0.02%
Covered Lines: 3983
Relevant Lines: 9665

💛 - Coveralls

@NishantBansal2003 NishantBansal2003 changed the title [WIP]: Integrate checksum in kpm workflow Integrate checksum in kpm workflow Nov 25, 2024
@NishantBansal2003 NishantBansal2003 changed the title Integrate checksum in kpm workflow feat: add checksum in kpm workflow Nov 25, 2024
Contributor

@zong-zhe zong-zhe left a comment

LGTM

@zong-zhe zong-zhe merged commit fe83a24 into kcl-lang:main Nov 26, 2024
6 checks passed
Successfully merging this pull request may close these issues.

[LFT Term 3]: The checksum check of the three-party dependencies
4 participants