On Tue, 2022-06-28 at 15:37 +0200, Davide Gardenal wrote:
The rationale behind refactoring the class is to make testing
and maintainability easier.
This commit includes:
- bb var refactor for better readability
- function and program flow refactor for better scalability
and extensibility
- better documentation for all the functions
- minor bug fixes when using specific configurations
Deleted bb vars:
- CVE_CHECK_LOG
- CVE_CHECK_TMP_FILE
- CVE_CHECK_SUMMARY_DIR
- CVE_CHECK_SUMMARY_FILE_NAME
- CVE_CHECK_SUMMARY_FILE
- CVE_CHECK_SUMMARY_FILE_NAME_JSON
- CVE_CHECK_SUMMARY_INDEX_PATH
- CVE_CHECK_LOG_JSON
- CVE_CHECK_RECIPE_FILE
- CVE_CHECK_RECIPE_FILE_JSON
- CVE_CHECK_MANIFEST
- CVE_CHECK_MANIFEST_JSON
- CVE_CHECK_CREATE_MANIFEST
Renamed bb vars:
- CVE_CHECK_DIR -> CVE_CHECK_OUTPUT_DIR
- CVE_CHECK_COPY_FILES -> CVE_CHECK_CREATE_RECIPE_REPORTS
Added bb vars:
- CVE_CHECK_CREATE_BUILD_REPORT: flag to control if cve-check
creates a build report or not
- CVE_CHECK_CREATE_IMAGE_REPORT: flag to control if cve-check
creates an image report or not
- CVE_CHECK_TXT_INDEX_FILE: path of the temporary index file
for the txt output format. Deleted after the build is
completed
- CVE_CHECK_TXT_INDEX_DIR: folder path where all the temp
recipes reports with txt format are stored. Deleted after
the build is completed
- CVE_CHECK_JSON_INDEX_FILE: same as CVE_CHECK_TXT_INDEX_FILE
but for the json format
- CVE_CHECK_JSON_INDEX_DIR: same as CVE_CHECK_TXT_INDEX_DIR
but for the json format
- CVE_CHECK_IMAGE_REPORT_FILE_NAME_BASE: name without extension
of the report for the image
- CVE_CHECK_BUILD_REPORT_FILE_NAME_BASE: name without extension
of the report for the entire build
- CVE_CHECK_RECIPE_FILE_NAME_BASE: name without extension of
the report for every recipe
Default output structure (with txt and json format enabled):
tmp
 -log
   |-cve
      |-build_reports
      |  |-txt
      |  |  |- build report files with txt format
      |  |-json
      |     |- build report files with json format
      |-image_reports
      |  |-txt
      |  |  |- image report files with txt format
      |  |-json
      |     |- image report file with json format
      |-recipe_reports
      |  |-txt
      |  |  |- recipe report files with txt format
      |  |-json
      |     |- recipe report files with json format
      |-cve-report.json -> link pointing to the latest json build report
      |-cve-report.txt -> link pointing to the latest txt build report
Note that a link to the latest image report is present in the
image deploy folder.
Signed-off-by: Davide Gardenal <davide.gardenal@...>
---
meta/classes/cve-check.bbclass | 642 +++++++++++++++++++++++++----------------
1 file changed, 390 insertions(+), 252 deletions(-)
I'm a bit worried about this patchset since it changes lots of
different things and it does it as a flag day, there is no incremental
approach to the patches or backwards compatibility.
The patch commit log says a lot about the mechanics of the change but
not a lot about the reasons for the change and how they benefit the
user or the project?
If we're going to do something that radical, should we just drop the
text based output and use the json output?
Normally where new common functions are created like 2/5 and 3/5, we'd
adjust existing code to use them in the same patch.
I'm also worried about the implications for the CVE code in dunfell and
kirkstone with this level of changes. At some point those codebases may
need to diverge :/
Cheers,
Richard